Windows Analysis Report
SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
Analysis ID: 1464092
MD5: dd05330febb9988d2bcdc1d0b6123a2b
SHA1: ec76fe7ff2b09efc07d424b411dc90a528a0bc27
SHA256: d76abbbbe5ab5c33f007a95ac87c2e522eeb446b62ef8d970c4f09022fd77670
Tags: exe

Detection

PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe (PID: 4160 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe" MD5: DD05330FEBB9988D2BCDC1D0B6123A2B)
    • MSBuild.exe (PID: 2104 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cvchost.exe (PID: 352 cmdline: "C:\Users\user\AppData\Local\cvchost.exe" MD5: DD05330FEBB9988D2BCDC1D0B6123A2B)
    • MSBuild.exe (PID: 1596 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cvchost.exe (PID: 2688 cmdline: "C:\Users\user\AppData\Local\cvchost.exe" MD5: DD05330FEBB9988D2BCDC1D0B6123A2B)
    • MSBuild.exe (PID: 3972 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000008.00000002.3637970226.00000000045B9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000007.00000002.3427213155.0000000006575000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000009.00000002.3633405335.00000000042CE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000004.00000002.3652992074.00000000051C0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Source | Rule | Description | Author | Strings
4.2.MSBuild.exe.55a0000.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
8.2.MSBuild.exe.461e7f8.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.5dddaf8.12.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
4.2.MSBuild.exe.51c0000.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
                      Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\cvchost.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, ProcessId: 4160, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cvchost
                      No Snort rule has matched

                      AV Detection

                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Avira: detected
                      Source: C:\Users\user\AppData\Local\cvchost.exe, Avira: detection malicious, Label: TR/Kryptik.zfrml
                      Source: C:\Users\user\AppData\Local\cvchost.exe, ReversingLabs: Detection: 57%
                      Source: C:\Users\user\AppData\Local\cvchost.exe, Virustotal: Detection: 68%
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, ReversingLabs: Detection: 57%
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Virustotal: Detection: 68%
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: C:\Users\user\AppData\Local\cvchost.exe, Joe Sandbox ML: detected
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Joe Sandbox ML: detected
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: Xowgymzpqv.pdb source: MSBuild.exe, 00000004.00000002.3652992074.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000461D000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.0000000003601000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006433000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2751603483.00000000056B0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.000000000310F000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3427213155.0000000006B01000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.0000000003601000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006433000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2751603483.00000000056B0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.000000000310F000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3427213155.0000000006B01000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000471F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: .PDb3& source: MSBuild.exe, 00000004.00000002.3652992074.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000041EC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000040DA000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000471F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Xowgymzpqv.pdbH4 source: MSBuild.exe, 00000004.00000002.3652992074.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000461D000.00000004.00000800.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h (0_2_06F14620)
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Code function: 4x nop then jmp 06F1B793h (0_2_06F1B4A0)
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h (0_2_06F1461F)
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, Code function: 4x nop then jmp 06F1B793h (0_2_06F1B497)
                      Source: C:\Users\user\AppData\Local\cvchost.exe, Code function: 4x nop then jmp 0756DE69h (7_2_0756DF0E)
                      Source: C:\Users\user\AppData\Local\cvchost.exe, Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h (7_2_075F4620)
                      Source: C:\Users\user\AppData\Local\cvchost.exe, Code function: 4x nop then jmp 075FB793h (7_2_075FB4A0)
                      Source: C:\Users\user\AppData\Local\cvchost.exe, Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h (7_2_075F4618)
                      Source: C:\Users\user\AppData\Local\cvchost.exe, Code function: 4x nop then jmp 075FB793h (7_2_075FB490)
                      Source: global traffic, TCP traffic: 192.168.2.6:49723 -> 185.125.50.121:58001
                      Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.64
                      Source: unknown, TCP traffic detected without corresponding DNS query: 185.125.50.121
                      Source: unknown, TCP traffic detected without corresponding DNS query: 2.16.164.17
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.0000000003601000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.3574891839.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.3574891839.0000000002DCD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.000000000310F000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3577272561.00000000033E5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3577272561.0000000003198000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3576206213.0000000003095000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3576206213.0000000002DCB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000043CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3427213155.0000000006863000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000043D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000043CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000043CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000471B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3577272561.0000000003162000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3576206213.0000000002DCB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000043C6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: unknown, Network traffic detected: HTTP traffic on port 49674 -> 443
                      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49710
                      Source: unknown, Network traffic detected: HTTP traffic on port 49710 -> 443
                      Source: unknown, Network traffic detected: HTTP traffic on port 49673 -> 443
                      Source: unknown, Network traffic detected: HTTP traffic on port 49672 -> 443
                      Source: C:\Users\user\AppData\Local\cvchost.exeCode function: 7_2_075F7F387_2_075F7F38
                      Source: C:\Users\user\AppData\Local\cvchost.exeCode function: 7_2_075F8D687_2_075F8D68
                      Source: C:\Users\user\AppData\Local\cvchost.exeCode function: 7_2_075F79E87_2_075F79E8
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2774523636.0000000008070000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameBuehjgyfodn.dll" vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.0000000003601000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.0000000003601000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNoreifxb.exe" vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2735067328.000000000130E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006433000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2751603483.00000000056B0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000000.2292187271.0000000000E86000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameopportunitymobile.exeD vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2741105725.00000000042F1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameBuehjgyfodn.dll" vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.00000000065B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameBuehjgyfodn.dll" vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2741105725.00000000047F5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameBuehjgyfodn.dll" vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Binary or memory string: OriginalFilenameopportunitymobile.exeD vs SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, -.cs | Cryptographic APIs: 'CreateDecryptor'
                      Source: cvchost.exe.0.dr, -.cs | Cryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack, SE7ESi6M0Y2KMVdUos.cs | Cryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, TaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, Task.cs | Task registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, TaskService.cs | Task registration methods: 'CreateFromToken'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, TaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, -.cs | Base64 encoded string
                      Source: cvchost.exe.0.dr, -.cs | Base64 encoded string
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, TaskFolder.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, TaskPrincipal.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, TaskFolder.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, TaskPrincipal.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, TaskSecurity.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, TaskSecurity.cs | Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, Task.cs | Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, User.cs | Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, User.cs | Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, Task.cs | Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, TaskSecurity.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, TaskSecurity.cs | Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: classification engine | Classification label: mal100.troj.evad.winEXE@9/4@0/1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | File created: C:\Users\user\AppData\Local\cvchost.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Mutant created: NULL
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Mutant created: \Sessions\1\BaseNamedObjects\Masterpas
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | ReversingLabs: Detection: 57%
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Virustotal: Detection: 68%
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe"
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      Source: unknown | Process created: C:\Users\user\AppData\Local\cvchost.exe "C:\Users\user\AppData\Local\cvchost.exe"
                      Source: unknown | Process created: C:\Users\user\AppData\Local\cvchost.exe "C:\Users\user\AppData\Local\cvchost.exe"
                      Source: C:\Users\user\AppData\Local\cvchost.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      Source: C:\Users\user\AppData\Local\cvchost.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Static file information: File size 9382912 > 1048576
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x8f2200
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: Xowgymzpqv.pdb source: MSBuild.exe, 00000004.00000002.3652992074.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000461D000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.0000000003601000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006433000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2751603483.00000000056B0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.000000000310F000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3427213155.0000000006B01000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.0000000003601000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006433000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2751603483.00000000056B0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.000000000310F000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3427213155.0000000006B01000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000471F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: .PDb3& source: MSBuild.exe, 00000004.00000002.3652992074.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000041EC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.00000000040DA000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2773708889.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2755231685.000000000619D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3402271367.0000000007CFD000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000471F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3633405335.0000000004375000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Xowgymzpqv.pdbH4 source: MSBuild.exe, 00000004.00000002.3652992074.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3637970226.000000000461D000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack, SE7ESi6M0Y2KMVdUos.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, -.cs .Net Code: _E001 System.Reflection.Assembly.Load(byte[])
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, -.cs .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: cvchost.exe.0.dr, -.cs .Net Code: _E001 System.Reflection.Assembly.Load(byte[])
                      Source: cvchost.exe.0.dr, -.cs .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6433340.10.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack, Program.cs .Net Code: p8uKUBh68m0YgyAfKq7 System.AppDomain.Load(byte[])
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.56b0000.5.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                      Source: Yara matchFile source: 4.2.MSBuild.exe.55a0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.MSBuild.exe.461e7f8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.5dddaf8.12.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.349f228.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.349f228.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.MSBuild.exe.41ec9d8.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.7c5db38.17.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.7a7daf8.15.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.7b1db18.13.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.MSBuild.exe.42ce7f8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6d90000.18.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.66b5b78.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.46b0430.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.645daf8.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.335bfbc.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.6485b18.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.335bfbc.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.7a7daf8.15.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.6485b18.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.645daf8.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6035b78.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.6575b58.15.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.395ee28.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.5e55b38.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.5e55b38.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.5e05b18.15.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.64d5b38.16.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.5dddaf8.12.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.6837118.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.5e05b18.15.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.64d5b38.16.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.MSBuild.exe.453c9d8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.cvchost.exe.395ee28.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.43fd610.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.cvchost.exe.46b0430.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000007.00000002.3427213155.0000000006575000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3633405335.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3637970226.000000000461D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.3427213155.000000000645D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3402271367.0000000007AA5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3402271367.0000000007A7D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3577272561.0000000003162000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3666224694.00000000055A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.3427213155.00000000064D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3402271367.0000000007C5D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.3427213155.00000000066B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.3427213155.0000000006485000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3576206213.0000000002DCB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3323572217.00000000043E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3309615567.000000000304D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3357695514.00000000062F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2755231685.0000000005CF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3574891839.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe PID: 4160, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 2104, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: cvchost.exe PID: 352, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: cvchost.exe PID: 2688, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1596, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 3972, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Code function: 0_2_06E83EC8 push es; ret 0_2_06E8442C
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Code function: 0_2_06EB3DF5 push edx; ret 0_2_06EB3DFB
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Code function: 0_2_06EB6144 push es; iretd 0_2_06EB6148
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Code function: 0_2_06F1A758 pushfd ; ret 0_2_06F1A759
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Code function: 0_2_06F1FC60 push 5D90FE95h; ret 0_2_06F1FC8B
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Code function: 0_2_06F1FC58 push 5D90FE95h; ret 0_2_06F1FC8B
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Code function: 0_2_06F1B310 pushfd ; retf 0_2_06F1B311
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_052D39E1 pushfd ; iretd 4_2_052D39E2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_0569B295 push AC0567C5h; ret 4_2_0569B2A5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_056B2C38 push esp; retf 4_2_056B2C39
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_056B2C88 pushfd ; retf 4_2_056B2C89
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_057C3100 push edi; iretd 4_2_057C3118
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_057C7467 pushfd ; iretd 4_2_057C7468
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_057C04FB pushfd ; iretd 4_2_057C04FC
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_057C1778 pushad ; ret 4_2_057C1779
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_057C1A2C pushfd ; iretd 4_2_057C1A2D
                      Source: C:\Users\user\AppData\Local\cvchost.exe Code function: 7_2_07412E5F pushfd ; retf 7_2_07412E60
                      Source: C:\Users\user\AppData\Local\cvchost.exe Code function: 7_2_07593DF5 push edx; ret 7_2_07593DFB
                      Source: C:\Users\user\AppData\Local\cvchost.exe Code function: 7_2_075FA758 pushfd ; ret 7_2_075FA759
                      Source: C:\Users\user\AppData\Local\cvchost.exe Code function: 7_2_075FDB1E push eax; iretd 7_2_075FDB3D
                      Source: C:\Users\user\AppData\Local\cvchost.exe Code function: 7_2_075FB30A pushfd ; retf 7_2_075FB311
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack, Program.csHigh entropy of concatenated method names: 'Main', 'sogME2WbG', 'xe6YdQ6We', 'YPXOBlhBP83uT9h9x8N', 'p8uKUBh68m0YgyAfKq7', 'hHtlJHh5x6adcvPqeCO', 'ctAPyPhrUFXdNGwxf83', 'KPG2n7h4nj3QRh9MU6s', 'lwdd67hR3t9OTB9wanH', 'tBKV0rhykHIBpifClXQ'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack, xqI7XjnngfKLJ7LSGV.csHigh entropy of concatenated method names: 'lrFq8BKotM', 'FwnKaYhkokIuMD1SDg9', 'aKRncRhEI6n3hdEWpHL', 'EHotlqhVQ8IIMuHDapC', 'Kc9ilFhXZ5XTo93cUA6', 'N2l5qdhgs6ejct8Xtpt', 'nLeAl8hLgqVjZuPaMvi', 'rIXF0Wh7lLGmSBjjjIR'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack, xb7p53Ot8ID0m1pu8fc.csHigh entropy of concatenated method names: 'XtaO981eeX', 'tdZOuTDOTN', 'U6iOxd1r6y', 'XhdOSPVdDT', 'GGPOjmc56T', 'NpMOHSXJIp', 'gVtOaAMS11', 'FgyODnJ9WC', 'vCfO33Lb5Q', 'JJrOCZuZ0M'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack, SE7ESi6M0Y2KMVdUos.csHigh entropy of concatenated method names: 'RuGdPahcg4EENwItQ2D', 'NX0vlyhoavumXWHI7pO', 'ImLZvJ51Pq', 'Aa5BslUZYpvC0XhSLYX', 'yPa41TUOM7TkUgZZnu9', 'H0dJttUhMub0Jni56sN', 'lEBLwAUU81V56BFuEG2', 'Ng7gUGUqVsJgGs4nONG', 'w4JRWxUpAJqLbhSIUTF', 'PhVkaUU2RdOZcZRY4F1'
                      Source: 0.2.SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe.6a81200.13.raw.unpack, bLgSlxJR9sMiXTwxUd.csHigh entropy of concatenated method names: 'FCJlb8lmL', 'lxVGnjNpN', 'oRWhokhuCSsQwJ7Jcwo', 'YgpSt0hK1qa1emA1NGS', 'cxCYRNh9AXuQYMJCnIO', 's3jpUrhxBFZ1Z6NEtRC', 'sFw78LhSgIpLtHfDB8X', 'SDU95rhjlihSydcB19V', 'tGn8xThHukn8LjDi5N8'
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe File created: C:\Users\user\AppData\Local\cvchost.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cvchost
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\cvchost.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe PID: 4160, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: cvchost.exe PID: 352, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: cvchost.exe PID: 2688, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL@\
                      Source: cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: cvchost.exe, 00000006.00000002.3309615567.000000000310F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL K
                      Source: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000006.00000002.3309615567.000000000304D000.00000004.00000800.00020000.00000000.sdmp, cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: EXPLORER9SBIEDLL.DLL:SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE;VERSION<SERIALNUMBER>VMWARE|VIRTUAL|A M I|XEN?SELECT * FROM WIN32_COMPUTERSYSTEM@MANUFACTURERAMODELBMICROSOFT|VMWARE|VIRTUALCJOHNDANNAEXXXXXXXX
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory allocated: 17F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory allocated: 32F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory allocated: 5CF0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory allocated: 6CF0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory allocated: 6E20000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory allocated: 7E20000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory allocated: 8E90000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: FE0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2AB0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 28C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 13C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 2F20000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 2C80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 58F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 68F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 7990000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 6F80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 1E10000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 37B0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 57B0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 6370000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 7370000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 74A0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: 84A0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 12F0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 3100000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 16E0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 1220000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2DB0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2B50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\cvchost.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Window / User API: threadDelayed 4088
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Window / User API: threadDelayed 5759
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe TID: 6540 Thread sleep count: 44 > 30
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe TID: 6540 Thread sleep time: -44000s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe TID: 6316 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -26747778906878833s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5316 Thread sleep count: 4088 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59875s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5316 Thread sleep count: 5759 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59765s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59656s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59546s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59435s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59327s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59215s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59106s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -59000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58890s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58777s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58671s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58562s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58450s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58343s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58234s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58123s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -58014s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57905s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57796s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57687s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57578s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57468s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57359s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57249s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57139s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -57031s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56921s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56812s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56702s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56590s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56483s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56372s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56265s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56156s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -56043s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340 Thread sleep time: -55937s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -55827s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -55718s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -55609s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -55499s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -55388s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -55203s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -55077s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -54953s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -54836s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -54734s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -54625s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -54515s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5340Thread sleep time: -54406s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\cvchost.exe TID: 4064 Thread sleep count: 44 > 30
                      Source: C:\Users\user\AppData\Local\cvchost.exe TID: 4064 Thread sleep time: -44000s >= -30000s
                      Source: C:\Users\user\AppData\Local\cvchost.exe TID: 416 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\cvchost.exe TID: 768 Thread sleep count: 44 > 30
                      Source: C:\Users\user\AppData\Local\cvchost.exe TID: 768 Thread sleep time: -44000s >= -30000s
                      Source: C:\Users\user\AppData\Local\cvchost.exe TID: 5012 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Local\cvchost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                      Source: C:\Users\user\AppData\Local\cvchost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\cvchost.exe Thread delayed: delay time: 922337203685477
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware\V
                      Source: cvchost.exe, 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: explorer9SbieDll.dll:select * from Win32_BIOS8Unexpected WMI query failure;version<SerialNumber>VMware|VIRTUAL|A M I|Xen?select * from Win32_ComputerSystem@manufacturerAmodelBMicrosoft|VMWare|VirtualCjohnDannaExxxxxxxx
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q 1:en-CH:Microsoft|VMWare|Virtual
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q0VMware|VIRTUAL|A M I|Xen
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware|VIRTUAL|A M I|Xen@\
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q0Microsoft|VMWare|Virtual
                      Source: cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q 1:en-CH:VMware|VIRTUAL|A M I|Xen
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Microsoft|VMWare|Virtual@\
                      Source: cvchost.exe, 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMwareLR
                      Source: cvchost.exe, 00000007.00000002.3395154508.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWareLR
                      Source: MSBuild.exe, 00000004.00000002.3561035167.0000000000E62000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

                      Anti Debugging

                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Code function: 0_2_06F14620 CheckRemoteDebuggerPresent,0_2_06F14620
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Process queried: DebugPort
                      Source: C:\Users\user\AppData\Local\cvchost.exe Process queried: DebugPort
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Process token adjusted: Debug
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4A8000
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4AA000
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 909008
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4A8000
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4AA000
                      Source: C:\Users\user\AppData\Local\cvchost.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: A59008
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      Source: C:\Users\user\AppData\Local\cvchost.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe VolumeInformation
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\cvchost.exe Queries volume information: C:\Users\user\AppData\Local\cvchost.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\cvchost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\cvchost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: MSBuild.exe, 00000004.00000002.3660901443.0000000005300000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3563689958.0000000001357000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.3563689958.000000000138D000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.3678003293.0000000005250000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information


                      Remote Access Functionality

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 141 Windows Management Instrumentation | 1 Scheduled Task/Job | 311 Process Injection | 1 Masquerading | OS Credential Dumping | 451 Security Software Discovery | Remote Services | 11 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 161 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 161 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 311 Process Injection | NTDS | 133 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
[Behavior graph] Behavior Graph ID: 1464092; Sample: SecuriteInfo.com.Win32.RATX...; Startdate: 28/06/2024; Architecture: WINDOWS; Score: 100

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno | |
| SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | 69% | Virustotal | | Browse |
| SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | 100% | Avira | TR/Kryptik.zfrml | |
| SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\cvchost.exe | 100% | Avira | TR/Kryptik.zfrml | |
| C:\Users\user\AppData\Local\cvchost.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\cvchost.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno | |
| C:\Users\user\AppData\Local\cvchost.exe | 69% | Virustotal | | Browse |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| fp2e7a.wpc.phicdn.net | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe | |
| https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe | |
| https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe | |
| https://github.com/mgravell/protobuf-neti | 0% | Avira URL Cloud | safe | |
| https://github.com/mgravell/protobuf-netJ | 0% | Avira URL Cloud | safe | |
| https://github.com/mgravell/protobuf-net | 0% | Avira URL Cloud | safe | |
| https://github.com/mgravell/protobuf-net | 0% | Virustotal | | Browse |
| https://github.com/mgravell/protobuf-netJ | 0% | Virustotal | | Browse |
| https://github.com/mgravell/protobuf-neti | 0% | Virustotal | | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://github.com/mgravell/protobuf-net | SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, cvchost.exe, MSBuild.exe (process memory) | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://github.com/mgravell/protobuf-neti | SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, cvchost.exe, MSBuild.exe (process memory) | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://stackoverflow.com/q/14436606/23354 | cvchost.exe, MSBuild.exe (process memory) | false | URL Reputation: safe | unknown |
| https://github.com/mgravell/protobuf-netJ | SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, cvchost.exe, MSBuild.exe (process memory) | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, MSBuild.exe, cvchost.exe (process memory) | false | URL Reputation: safe; URL Reputation: safe | unknown |
| https://stackoverflow.com/q/11564914/23354; | SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, cvchost.exe, MSBuild.exe (process memory) | false | URL Reputation: safe | unknown |
| https://stackoverflow.com/q/2152978/23354 | SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe, cvchost.exe, MSBuild.exe (process memory) | false | URL Reputation: safe; URL Reputation: safe | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 185.125.50.121 | unknown | Russian Federation | | 207064 | INPLATLABS-ASRU | false |
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1464092
                      Start date and time:2024-06-28 12:33:17 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 10m 26s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:10
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                      Detection:MAL
                      Classification:mal100.troj.evad.winEXE@9/4@0/1
                      EGA Information:
                      • Successful, ratio: 75%
                      HCA Information:
                      • Successful, ratio: 92%
                      • Number of executed functions: 620
                      • Number of non-executed functions: 9
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 40.127.169.103, 192.229.221.95, 13.95.31.18, 2.16.100.168, 88.221.110.91, 20.166.126.56
                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                      • Execution Graph export aborted for target cvchost.exe, PID 352 because it is empty
                      • Report creation exceeded maximum time and may have missing disassembly code information.
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 06:34:58 | API Interceptor | 13x Sleep call for process: SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe modified |
| 06:35:10 | API Interceptor | 63525x Sleep call for process: MSBuild.exe modified |
| 06:35:55 | API Interceptor | 26x Sleep call for process: cvchost.exe modified |
| 12:35:13 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run cvchost C:\Users\user\AppData\Local\cvchost.exe |
| 12:35:21 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run cvchost C:\Users\user\AppData\Local\cvchost.exe |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 185.125.50.121 | SecuriteInfo.com.Win32.CrypterX-gen.8664.12357.exe | Get hash | malicious | PureLog Stealer | Browse | |
| | SecuriteInfo.com.Trojan.Inject5.3917.9683.3142.exe | Get hash | malicious | PureLog Stealer, zgRAT | Browse | |
| | ka0UKl7202.exe | Get hash | malicious | PureCrypter, PureLog Stealer | Browse | |

| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| fp2e7a.wpc.phicdn.net | SecuriteInfo.com.Win32.CrypterX-gen.8664.12357.exe | Get hash | malicious | PureLog Stealer | Browse | 192.229.221.95 |
| | SecuriteInfo.com.Win64.CrypterX-gen.21483.21524.exe | Get hash | malicious | PureLog Stealer, zgRAT | Browse | 192.229.221.95 |
| | http://cdn.iaostatic.xyz | Get hash | malicious | Unknown | Browse | 192.229.221.95 |
| | http://www.bcluxuryauto.com | Get hash | malicious | Unknown | Browse | 192.229.221.95 |
| | https://qrco.de/bfBwJl | Get hash | malicious | Unknown | Browse | 192.229.221.95 |
| | 1Cvd8TyYPm.exe | Get hash | malicious | LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT | Browse | 192.229.221.95 |
| | https://repispa-my.sharepoint.com/:o:/g/personal/e_bussi_repi_com/Eqe6_DZQVKZLsFmMZLceChgBp7dFUVwoPWO6T4xpdp25_Q?e=5%3aAmZqKS&at=9 | Get hash | malicious | HTMLPhisher | Browse | 192.229.221.95 |
| | https://proftrafficcounter.com/stats | Get hash | malicious | Unknown | Browse | 192.229.221.95 |
| | https://branchlock.net | Get hash | malicious | Unknown | Browse | 192.229.221.95 |
| | https://t4ha7.shop/ | Get hash | malicious | Unknown | Browse | 192.229.221.95 |

| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| INPLATLABS-ASRU | SecuriteInfo.com.Win32.CrypterX-gen.8664.12357.exe | Get hash | malicious | PureLog Stealer | Browse | 185.125.50.121 |
| | SecuriteInfo.com.Trojan.Inject5.3917.9683.3142.exe | Get hash | malicious | PureLog Stealer, zgRAT | Browse | 185.125.50.121 |
| | ka0UKl7202.exe | Get hash | malicious | PureCrypter, PureLog Stealer | Browse | 185.125.50.121 |
| | https://steamcommunlty.duckdns.org/br-redeemSteamGiftCard=481928385858/IP: | Get hash | malicious | Unknown | Browse | 185.125.50.1 |
| | El7TD9RYMH.exe | Get hash | malicious | RedLine | Browse | 185.125.50.19 |
| | xqj4nAXq60.exe | Get hash | malicious | RedLine | Browse | 185.125.50.19 |
| | networkmanager | Get hash | malicious | Unknown | Browse | 185.125.49.121 |
                            No context
                            No context
                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1022
                            Entropy (8bit):5.354120267532675
                            Encrypted:false
                            SSDEEP:24:ML9E4KlKDE4KhKiKhIE4Kx1qE4qpAE4KzeosXE4qdKm:MxHKlYHKh3oIHKx1qHmAHKzePHA
                            MD5:7A2DF296CF62A0097289570A862CC818
                            SHA1:87377BC742256B8BA256699E353882D7F5F3C754
                            SHA-256:0C0CB814686C0CEE3C7170B9FCC0E2B67F95F80E00ED806F715BB59D1550F924
                            SHA-512:197C3E53FDB55D408D5F5BAA86CCB40A339676CE8092669D465EEE38A5DC4F2D7D4B93FDCF6FD74906F876DF9CD5C0943410C12D54079D9077B037EDBA9C04CD
                            Malicious:true
                            Reputation:moderate, very likely benign file
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\96012833bebd5f21714fc508603cda97\System.
                            Process:C:\Users\user\AppData\Local\cvchost.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1022
                            Entropy (8bit):5.354120267532675
                            Encrypted:false
                            SSDEEP:24:ML9E4KlKDE4KhKiKhIE4Kx1qE4qpAE4KzeosXE4qdKm:MxHKlYHKh3oIHKx1qHmAHKzePHA
                            MD5:7A2DF296CF62A0097289570A862CC818
                            SHA1:87377BC742256B8BA256699E353882D7F5F3C754
                            SHA-256:0C0CB814686C0CEE3C7170B9FCC0E2B67F95F80E00ED806F715BB59D1550F924
                            SHA-512:197C3E53FDB55D408D5F5BAA86CCB40A339676CE8092669D465EEE38A5DC4F2D7D4B93FDCF6FD74906F876DF9CD5C0943410C12D54079D9077B037EDBA9C04CD
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\96012833bebd5f21714fc508603cda97\System.
                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Category:dropped
                            Size (bytes):9382912
                            Entropy (8bit):7.997826053890498
                            Encrypted:true
                            SSDEEP:196608:RZ+ICBPSX5rcu1/NggOUO6j44epDYV9BQMv0eMnPiMDEhyi:REOTNQxDYfBQlZnl
                            MD5:DD05330FEBB9988D2BCDC1D0B6123A2B
                            SHA1:EC76FE7FF2B09EFC07D424B411DC90A528A0BC27
                            SHA-256:D76ABBBBE5AB5C33F007A95AC87C2E522EEB446B62EF8D970C4F09022FD77670
                            SHA-512:8685174163858FD0573D326C3B29D426BE6D0F176C1FB447B634835335A3D6C419F0E3582E718813F9B24553A80D4D3F9450F517BF42A8EE283AD6D21E2CF070
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 58%
                            • Antivirus: Virustotal, Detection: 69%, Browse
                            Reputation:low
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................."...........A... ...`....@.. ....................................`.................................tA..W....`............................................................................... ............... ..H............text....!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................A......H........W...................9...........................................(....*.*..(&...*J.('....s(...}....*..('.....(....}......}......}.....s(...}....*Vs-...o....#......$@Z*..('...*.~....-# .4..(.........(;...o<...s=........~....*.~....*.......*~(.... .2..(....~....o>...t....*&...(....*Z.('.....}.......o....*..{....*&...(....**....(....*:.. .....(....*>... .....(....*F....(......(!...*V.9......sB...*.sC...*J.. .... ....(!...*:... ....(!...*B.('.......o"...*&...($...*R..oA..
                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):26
                            Entropy (8bit):3.95006375643621
                            Encrypted:false
                            SSDEEP:3:ggPYV:rPYV
                            MD5:187F488E27DB4AF347237FE461A079AD
                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                            Malicious:true
                            Reputation:high, very likely benign file
                            Preview:[ZoneTransfer]....ZoneId=0
                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):7.997826053890498
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                            • Win32 Executable (generic) a (10002005/4) 49.78%
                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            • DOS Executable Generic (2002/1) 0.01%
                            File name:SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                            File size:9'382'912 bytes
                            MD5:dd05330febb9988d2bcdc1d0b6123a2b
                            SHA1:ec76fe7ff2b09efc07d424b411dc90a528a0bc27
                            SHA256:d76abbbbe5ab5c33f007a95ac87c2e522eeb446b62ef8d970c4f09022fd77670
                            SHA512:8685174163858fd0573d326c3b29d426be6d0f176c1fb447b634835335a3d6c419f0e3582e718813f9b24553a80d4d3f9450f517bf42a8ee283ad6d21e2cf070
                            SSDEEP:196608:RZ+ICBPSX5rcu1/NggOUO6j44epDYV9BQMv0eMnPiMDEhyi:REOTNQxDYfBQlZnl
                            TLSH:9D9633529B5CE592F8AD777EF420F098EBF1C128F626E38DBA916CD448473C609C2257
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................."...........A... ...`....@.. ....................................`................................
                            Icon Hash:00928e8e8686b000
                            Entrypoint:0xcf41ce
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0x660ED6E5 [Thu Apr 4 16:35:49 2024 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                            Instruction
                            jmp dword ptr [00402000h]
                            add byte ptr [eax], al
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8f4174 | 0x57 | .text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8f6000 | 0x5e6 | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8f8000 | 0xc | .reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x2000 | 0x8f21d4 | 0x8f2200 | 32858f0db8d5c8e722e4c78e640a22b3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc | 0x8f6000 | 0x5e6 | 0x600 | 249dd0436072590222effdbf3189583b | False | 0.4205729166666667 | data | 4.1671943232048445 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc | 0x8f8000 | 0xc | 0x200 | 59a4143f3308bb3a2a1ec9f98701eef3 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                            RT_VERSION | 0x8f60a0 | 0x35c | data | | | 0.40348837209302324
                            RT_MANIFEST | 0x8f63fc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                            DLL | Import
                            mscoree.dll | _CorExeMain
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Jun 28, 2024 12:34:41.753824949 CEST | 1.1.1.1 | 192.168.2.6 | 0xd757 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                            Jun 28, 2024 12:34:41.753824949 CEST | 1.1.1.1 | 192.168.2.6 | 0xd757 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false

                            Target ID:0
                            Start time:06:34:25
                            Start date:28/06/2024
                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.RATX-gen.24946.23294.exe"
                            Imagebase:0x590000
                            File size:9'382'912 bytes
                            MD5 hash:DD05330FEBB9988D2BCDC1D0B6123A2B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2755231685.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2774523636.0000000008070000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2755231685.00000000069E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2741105725.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2738255188.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2755231685.0000000005CF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2755231685.00000000065B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2741105725.00000000047F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:4
                            Start time:06:35:09
                            Start date:28/06/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                            Imagebase:0x750000
                            File size:262'432 bytes
                            MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.3652992074.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.3666224694.00000000055A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.3574891839.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:high
                            Has exited:false

                            Target ID:6
                            Start time:06:35:22
                            Start date:28/06/2024
                            Path:C:\Users\user\AppData\Local\cvchost.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\AppData\Local\cvchost.exe"
                            Imagebase:0x240000
                            File size:9'382'912 bytes
                            MD5 hash:DD05330FEBB9988D2BCDC1D0B6123A2B
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.3402271367.0000000007AA5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.3402271367.0000000007A7D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.3309615567.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.3357695514.00000000058F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.3402271367.0000000007C5D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.3323572217.0000000004015000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.3357695514.0000000005DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.3323572217.00000000043E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.3323572217.00000000043E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.3402271367.0000000008316000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.3309615567.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.3357695514.00000000062F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.3357695514.00000000062F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 100%, Joe Sandbox ML
                            • Detection: 58%, ReversingLabs
                            • Detection: 69%, Virustotal, Browse
                            Reputation:low
                            Has exited:true

                            Target ID:7
                            Start time:06:35:30
                            Start date:28/06/2024
                            Path:C:\Users\user\AppData\Local\cvchost.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\AppData\Local\cvchost.exe"
                            Imagebase:0xbf0000
                            File size:9'382'912 bytes
                            MD5 hash:DD05330FEBB9988D2BCDC1D0B6123A2B
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.3427213155.0000000006575000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.3427213155.000000000645D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.3427213155.00000000064D5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.3395154508.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.3427213155.00000000066B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.3427213155.0000000006485000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:8
                            Start time:06:36:06
                            Start date:28/06/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                            Imagebase:0xc70000
                            File size:262'432 bytes
                            MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.3637970226.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.3637970226.000000000461D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.3577272561.0000000003162000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.3555519065.0000000000412000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:high
                            Has exited:false

                            Target ID:9
                            Start time:06:36:14
                            Start date:28/06/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                            Imagebase:0x9b0000
                            File size:262'432 bytes
                            MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.3633405335.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.3633405335.00000000040DA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.3576206213.0000000002DCB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:high
                            Has exited:false

                              Execution Graph

                              Execution Coverage:10%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:3.4%
                              Total number of Nodes:293
                              Total number of Limit Nodes:14
60086->60090 60088 565874c 60089->60088 60090->60088 60092 5658fc3 60091->60092 60093 5658fe7 60092->60093 60094 6f12ca0 VirtualAllocEx 60092->60094 60095 6f12c9f VirtualAllocEx 60092->60095 60093->60024 60094->60093 60095->60093 60097 5658c73 60096->60097 60098 56586e9 60096->60098 60192 565a810 60098->60192 60196 565a7ff 60098->60196 60099 565870a 60103 56586b3 60102->60103 60105 6f12620 Wow64SetThreadContext 60103->60105 60106 6f12618 Wow64SetThreadContext 60103->60106 60104 5658d88 60105->60104 60106->60104 60109 565a810 WriteProcessMemory 60107->60109 60110 565a7ff WriteProcessMemory 60107->60110 60108 56584be 60109->60108 60110->60108 60112 5658953 60111->60112 60113 5658eae 60112->60113 60114 6f132f8 ResumeThread 60112->60114 60115 6f132bf ResumeThread 60112->60115 60114->60112 60115->60112 60117 56586cd 60116->60117 60119 565a810 WriteProcessMemory 60117->60119 60120 565a7ff WriteProcessMemory 60117->60120 60118 565870a 60119->60118 60120->60118 60123 565a810 WriteProcessMemory 60121->60123 60124 565a7ff WriteProcessMemory 60121->60124 60122 5658ca9 60123->60122 60124->60122 60126 5658a2f 60125->60126 60127 5658fe7 60126->60127 60128 6f12ca0 VirtualAllocEx 60126->60128 60129 6f12c9f VirtualAllocEx 60126->60129 60127->60024 60128->60127 60129->60127 60131 5659717 60130->60131 60140 56598d3 60131->60140 60145 565987a 60131->60145 60132 5659739 60132->60053 60136 5659700 60135->60136 60138 56598d3 2 API calls 60136->60138 60139 565987a 2 API calls 60136->60139 60137 5659739 60137->60053 60138->60137 60139->60137 60141 56598fb 60140->60141 60142 56597ed 60141->60142 60150 6f12264 60141->60150 60154 6f12270 60141->60154 60142->60132 60146 5659883 60145->60146 60147 56597ed 60146->60147 60148 6f12270 CreateProcessA 60146->60148 60149 6f12264 CreateProcessA 60146->60149 60147->60132 60148->60147 60149->60147 60152 6f122f0 CreateProcessA 60150->60152 60153 6f124ec 60152->60153 60156 6f122f0 CreateProcessA 60154->60156 60157 6f124ec 60156->60157 60159 6f1333c 
ResumeThread 60158->60159 60161 6f13388 60159->60161 60161->60058 60163 6f1333c ResumeThread 60162->60163 60165 6f13388 60163->60165 60165->60058 60167 6f12ce4 VirtualAllocEx 60166->60167 60169 6f12d4c 60167->60169 60169->60078 60171 6f12ce4 VirtualAllocEx 60170->60171 60173 6f12d4c 60171->60173 60173->60078 60175 565a8f8 60174->60175 60184 6f12620 60175->60184 60188 6f12618 60175->60188 60176 565a926 60176->60082 60180 565a90d 60179->60180 60182 6f12620 Wow64SetThreadContext 60180->60182 60183 6f12618 Wow64SetThreadContext 60180->60183 60181 565a926 60181->60082 60182->60181 60183->60181 60185 6f12669 Wow64SetThreadContext 60184->60185 60187 6f126e1 60185->60187 60187->60176 60189 6f12669 Wow64SetThreadContext 60188->60189 60191 6f126e1 60189->60191 60191->60176 60193 565a825 60192->60193 60200 6f12f60 60193->60200 60197 565a810 60196->60197 60199 6f12f60 WriteProcessMemory 60197->60199 60198 565a847 60198->60099 60199->60198 60201 6f12fa9 WriteProcessMemory 60200->60201 60203 565a847 60201->60203 60203->60099 60208 6eb760d 60209 6eb7617 60208->60209 60214 6f1b460 60209->60214 60219 6f1b45f 60209->60219 60224 6f1b450 60209->60224 60210 6eb6cdf 60215 6f1b475 60214->60215 60229 6f1b4a0 60215->60229 60233 6f1b497 60215->60233 60216 6f1b48b 60216->60210 60220 6f1b475 60219->60220 60222 6f1b4a0 11 API calls 60220->60222 60223 6f1b497 11 API calls 60220->60223 60221 6f1b48b 60221->60210 60222->60221 60223->60221 60225 6f1b45d 60224->60225 60227 6f1b4a0 11 API calls 60225->60227 60228 6f1b497 11 API calls 60225->60228 60226 6f1b48b 60226->60210 60227->60226 60228->60226 60231 6f1b4ca 60229->60231 60230 6f1b504 60230->60216 60231->60230 60237 6f1b8e0 60231->60237 60235 6f1b49e 60233->60235 60234 6f1b504 60234->60216 60235->60234 60236 6f1b8e0 11 API calls 60235->60236 60236->60235 60238 6f1b905 60237->60238 60239 6f1b91e 60238->60239 60245 6f1c607 60238->60245 60250 6f1bf6c 60238->60250 60254 6f1be3d 60238->60254 60260 6f1ba86 60238->60260 60264 6f1bce6 60238->60264 
60239->60231 60246 6f1c60d 60245->60246 60270 6f140f3 60246->60270 60274 6f140f8 60246->60274 60278 6f1cf90 60250->60278 60284 6f1cf8f 60250->60284 60251 6f1bf86 60255 6f1c445 60254->60255 60302 6f1d180 60255->60302 60308 6f1d17a 60255->60308 60313 6f1d188 60255->60313 60256 6f1b9c4 60256->60239 60326 6f1cef0 60260->60326 60331 6f1ceef 60260->60331 60265 6f1bfe8 60264->60265 60266 6f1b9c4 60264->60266 60344 6f139a0 60265->60344 60348 6f139a8 60265->60348 60266->60239 60267 6f1c023 60271 6f1415a CreateFileMappingA 60270->60271 60273 6f14240 60271->60273 60275 6f1415a CreateFileMappingA 60274->60275 60277 6f14240 60275->60277 60279 6f1cfa5 60278->60279 60290 6f142f0 60279->60290 60294 6f142ff 60279->60294 60298 6f14338 60279->60298 60280 6f1cfc7 60280->60251 60285 6f1cfa5 60284->60285 60287 6f142f0 MapViewOfFile 60285->60287 60288 6f14338 MapViewOfFile 60285->60288 60289 6f142ff MapViewOfFile 60285->60289 60286 6f1cfc7 60286->60251 60287->60286 60288->60286 60289->60286 60291 6f142fd MapViewOfFile 60290->60291 60293 6f143f4 60291->60293 60293->60280 60295 6f1437c MapViewOfFile 60294->60295 60297 6f143f4 60295->60297 60297->60280 60299 6f1437c MapViewOfFile 60298->60299 60301 6f143f4 60299->60301 60301->60280 60303 6f1d186 60302->60303 60305 6f1d1e0 60302->60305 60318 6f11e67 60303->60318 60322 6f11e68 60303->60322 60304 6f1d1b3 60304->60256 60305->60256 60309 6f1d185 60308->60309 60311 6f11e67 FindCloseChangeNotification 60309->60311 60312 6f11e68 FindCloseChangeNotification 60309->60312 60310 6f1d1b3 60310->60256 60311->60310 60312->60310 60314 6f1d19d 60313->60314 60316 6f11e67 FindCloseChangeNotification 60314->60316 60317 6f11e68 FindCloseChangeNotification 60314->60317 60315 6f1d1b3 60315->60256 60316->60315 60317->60315 60319 6f11eac FindCloseChangeNotification 60318->60319 60321 6f11ef8 60319->60321 60321->60304 60323 6f11eac FindCloseChangeNotification 60322->60323 60325 6f11ef8 60323->60325 60325->60304 60327 6f1cf05 60326->60327 60336 6f13ea3 60327->60336 
60340 6f13ea8 60327->60340 60332 6f1cf05 60331->60332 60334 6f13ea3 CreateFileA 60332->60334 60335 6f13ea8 CreateFileA 60332->60335 60333 6f1b9c4 60333->60239 60334->60333 60335->60333 60338 6f13f0a CreateFileA 60336->60338 60339 6f13ffe 60338->60339 60341 6f13f0a CreateFileA 60340->60341 60343 6f13ffe 60341->60343 60345 6f139f1 K32GetModuleInformation 60344->60345 60347 6f13a5e 60345->60347 60347->60267 60349 6f139f1 K32GetModuleInformation 60348->60349 60351 6f13a5e 60349->60351 60351->60267

                              Control-flow Graph

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: "$H~j-$(fS
                              • API String ID: 0-3198160874
                              • Opcode ID: ce0d76767ad06200909ae721fd2630c154b883b8095d4f75592e46fd1573fece
                              • Instruction ID: a5f07e483e05e67a1f13636e90c1e3948384bc00ed6758a621135e032a6427dc
                              • Opcode Fuzzy Hash: ce0d76767ad06200909ae721fd2630c154b883b8095d4f75592e46fd1573fece
                              • Instruction Fuzzy Hash: CBB18274A41219CFDBA5CF29D898BADBBB1FB49310F5081EAD809A7350DB349E85CF50

                              Control-flow Graph

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: "$H~j-$(fS
                              • API String ID: 0-3198160874
                              • Opcode ID: cbc1440604bb753c536eb9d0e76da587331b486507f952be9f00deeac16f85f7
                              • Instruction ID: e16863da69743a3c1b81131b524950360cf115b3623a9f056ce8f70df4f9ff1d
                              • Opcode Fuzzy Hash: cbc1440604bb753c536eb9d0e76da587331b486507f952be9f00deeac16f85f7
                              • Instruction Fuzzy Hash: D5A1B274A45219CFDBA5CF29D898BA9BBB1FB49310F1080EAD849A7251DB349E85CF10
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4
                              • API String ID: 0-4088798008
                              • Opcode ID: 8d8d19df1744f5f296ae0d81b415ec806de5bad578fd26e07c3da892c343e0cd
                              • Instruction ID: 1ebfb58a646fd9383a5a24c42af76c7a572264a5c31063c06982d24467a156c1
                              • Opcode Fuzzy Hash: 8d8d19df1744f5f296ae0d81b415ec806de5bad578fd26e07c3da892c343e0cd
                              • Instruction Fuzzy Hash: 27B2F934A00218DFDB54CF98D894BAEB7B6FF88704F149199E905AB3A5CB70AC85CF50
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4
                              • API String ID: 0-4088798008
                              • Opcode ID: 7ce5b21d3cb17ae76e60886e06da0c935b650df13dcd28e394b3e1ad9cc95702
                              • Instruction ID: beca279ab0181e7844a85288e9391c7e9801af19f040ccc627b176bf95538b0d
                              • Opcode Fuzzy Hash: 7ce5b21d3cb17ae76e60886e06da0c935b650df13dcd28e394b3e1ad9cc95702
                              • Instruction Fuzzy Hash: F5221F34A00218CFEB64DF64C984BAEB7B6FF48704F1491A5E909AB365DB70AD85CF50

                              Control-flow Graph

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: \Vm
                              • API String ID: 0-711957416
                              • Opcode ID: e6cd23e2b666ddb09b76a9f0bada46c9081dc78c228b690de2239d222654dd0c
                              • Instruction ID: 3cc4e5f76ba77c3946f5205045d6271e2a81f360a80f07e69e2c8d377372ca52
                              • Opcode Fuzzy Hash: e6cd23e2b666ddb09b76a9f0bada46c9081dc78c228b690de2239d222654dd0c
                              • Instruction Fuzzy Hash: B9020570D00219CFEB60CFA8C981BDDBBB1BF49340F1095AAD819BB250EB749A84CF55
                              APIs
                              • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 06F146BA
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CheckDebuggerPresentRemote
                              • String ID:
                              • API String ID: 3662101638-0
                              • Opcode ID: 7f56d68861c85f5bb5e84c31c018ac51d7caaed64ebd60622cafa1eb052cebcc
                              • Instruction ID: c9e8e5376a7f20343f284af7c0ba9fd9701320b49fe47800c27ec9f550b47505
                              • Opcode Fuzzy Hash: 7f56d68861c85f5bb5e84c31c018ac51d7caaed64ebd60622cafa1eb052cebcc
                              • Instruction Fuzzy Hash: 3241ECB5D05259DFDB00CFA9D484AEEFBF1AF49310F24902AE455B7240C778AA45CFA8
                              APIs
                              • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 06F146BA
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CheckDebuggerPresentRemote
                              • String ID:
                              • API String ID: 3662101638-0
                              • Opcode ID: 592a3def373d99433546f68daf6a72d716177491ea2cf08b76cf3449ea7b011c
                              • Instruction ID: 1181bed5659201435fd9b0fa90a0d6a52e4d63de274e251b088dc0c7fa71cc9b
                              • Opcode Fuzzy Hash: 592a3def373d99433546f68daf6a72d716177491ea2cf08b76cf3449ea7b011c
                              • Instruction Fuzzy Hash: E841FEB5C00258DFDB00CFA9D580AEEFBF0AF49310F14902AE454B7240C778AA44CFA4
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fd2e36d3d1ee29549d53e0a2266a4799bee724c1fc0bafa488ef01353bc38523
                              • Instruction ID: bad73162a21513305887b8854b219f2a7df8642b65285e14c9e833c54001b79c
                              • Opcode Fuzzy Hash: fd2e36d3d1ee29549d53e0a2266a4799bee724c1fc0bafa488ef01353bc38523
                              • Instruction Fuzzy Hash: 9E426C34B10208CFDB58DF68C954AAA7BE6FF88314B20A4A9D906DB375DB71DC41CB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f73806ea52084d05bb7fa9dbf6de3a46c41f8d6f2cf53f016d5e9014a43caaec
                              • Instruction ID: 8382bd56ed780479108865dd877f110b9f728f7f0e046fa6fafba61831502989
                              • Opcode Fuzzy Hash: f73806ea52084d05bb7fa9dbf6de3a46c41f8d6f2cf53f016d5e9014a43caaec
                              • Instruction Fuzzy Hash: 3CF1E470D00259CFEB64CFA8C991BDDBBF1BF49340F1095AAD819AB250EB745A84CF91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2254742c6cf652a5074083c2e85d030ad9d9318a41cb00be5f6de79e371fad41
                              • Instruction ID: 1f1cb38a9226623bb7307ca1f29c8923ccb642f628152ecf86318ec340535b14
                              • Opcode Fuzzy Hash: 2254742c6cf652a5074083c2e85d030ad9d9318a41cb00be5f6de79e371fad41
                              • Instruction Fuzzy Hash: 80A1D1B0D45218CFDF14CFA9E984BADBBF2BB49316F1090A9E819A7354DB345986CF40
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9e12d26604418793a229aa4edbef5f33a4c5b50266850302d8053d32b8a833bd
                              • Instruction ID: f5979663e1f106ca98a617fae4472319b40d7983b36e0863390b0bb149678cb1
                              • Opcode Fuzzy Hash: 9e12d26604418793a229aa4edbef5f33a4c5b50266850302d8053d32b8a833bd
                              • Instruction Fuzzy Hash: 35A1D1B0D45218CFDF14CFA9E984BADBBF2BB49316F1091A9E819A7350DB345986CF00
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6742e2cc0a2e552f196e975fda9f2e0225b2434ee700c64160b92465253b1abc
                              • Instruction ID: cc71e565f4f1d0d4aec2cdae11b585ab66067be773e2199d7fb1440bae00ac93
                              • Opcode Fuzzy Hash: 6742e2cc0a2e552f196e975fda9f2e0225b2434ee700c64160b92465253b1abc
                              • Instruction Fuzzy Hash: 2F713871D05208CFEB94DFA9D4847AEBBF6FB49340F10906AD419AB394DB349986CF90
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f1626b9d79e4b777b2910a5109330d8a8e7cb85d5640e59988a313513d486c47
                              • Instruction ID: 2f42bdc4dbe85cbe1832d4b4de8240244ba1bb385b1cdebbc2c5f4cc20156cf6
                              • Opcode Fuzzy Hash: f1626b9d79e4b777b2910a5109330d8a8e7cb85d5640e59988a313513d486c47
                              • Instruction Fuzzy Hash: 99713971D05208CFEB94DFA9D4847AEBBF6FB49340F10906AD419AB294DB349D86CF90

                              Control-flow Graph

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: "$H~j-$(fS
                              • API String ID: 0-3198160874
                              • Opcode ID: c9d6ed800c4a4a70585a2580d7bf4b78c2960f5189792bf99a32911e62f3edc6
                              • Instruction ID: e806c7553793d1409162d5e4cd1cfbd36510606ac2857e726a78b65652f05b56
                              • Opcode Fuzzy Hash: c9d6ed800c4a4a70585a2580d7bf4b78c2960f5189792bf99a32911e62f3edc6
                              • Instruction Fuzzy Hash: 9B71A474A41218CFDBA4DF29D894BADBBB1FB49310F1081EAD949A7350DB35AE85CF10

                              Control-flow Graph

                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000000), ref: 06F1970E
                              • GetSystemMetrics.USER32(00000001), ref: 06F19748
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CallbackDispatcherMetricsSystemUser
                              • String ID:
                              • API String ID: 365337688-0
                              • Opcode ID: 495ca29e2cf0792a945263878923068dc80ea720e87cd8a348f8f658b4a5eb6e
                              • Instruction ID: 2d38fc98627fbcea7b69d6e7a46308f9e91655c5cf00236abcaf2c7ad6a7fc80
                              • Opcode Fuzzy Hash: 495ca29e2cf0792a945263878923068dc80ea720e87cd8a348f8f658b4a5eb6e
                              • Instruction Fuzzy Hash: FC2132B58043498FDB54CF99C5597AEBFF4EF48314F20841AD519AB280C7B96584CFA1

                              Control-flow Graph

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: *$.
                              • API String ID: 0-3886413389
                              • Opcode ID: e3ed147c208c166698f8fc9413a3a5a3fd0ccd8b3bf379463db5062e0b36fd24
                              • Instruction ID: 5243be691d4dd9d1ede7f31f9c2e592fe6b5cfe93778d0f1b720d87936e5e816
                              • Opcode Fuzzy Hash: e3ed147c208c166698f8fc9413a3a5a3fd0ccd8b3bf379463db5062e0b36fd24
                              • Instruction Fuzzy Hash: 60F0E274A42259CFEB69CF14C844AACF7B1FB8A300F5084DA880EA7650CB305E42CF41

                              Control-flow Graph (legend: Executed / Not Executed)
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: !$.
                              • API String ID: 0-3958380972
                              • Opcode ID: 0fb1b5512af311ce2c60a141269f96cf6dcc942d0187c83441545163f4194ba0
                              • Instruction ID: f74271d60b6bf6bf4beffbc985f89f27323886edd79cadc1462c923368ba9804
                              • Opcode Fuzzy Hash: 0fb1b5512af311ce2c60a141269f96cf6dcc942d0187c83441545163f4194ba0
                              • Instruction Fuzzy Hash: 9EF0A478A412188BDB54CF54C891BD9FBF1EB49314F24819A9909A7780C7769E83CF40

                              Control-flow Graph (legend: Executed / Not Executed)
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: 9$>
                              • API String ID: 0-3832740608
                              • Opcode ID: edfdb119350b048bc9141c07e4b669bf88295bd4dc5f0df9100f4eb66054f89e
                              • Instruction ID: 1cd4c04248f7bd8691fda8eb08fb60712b6ba80293714d8e642b9a9153b216bf
                              • Opcode Fuzzy Hash: edfdb119350b048bc9141c07e4b669bf88295bd4dc5f0df9100f4eb66054f89e
                              • Instruction Fuzzy Hash: 3DF0153884222ACFDF20CF10D908BECBBB5AB00311F0081D6880963A80C3781B85CF11

                              Control-flow Graph (legend: Executed / Not Executed)
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F124D7
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 863fb420d8c47c4e526155588b714d76e4b650eb31cc0e77d60363e603c4288f
                              • Instruction ID: 475938cce6ea90ee73091c9e9550501332e48f1c5dd83a2a39513e3cc8a5c492
                              • Opcode Fuzzy Hash: 863fb420d8c47c4e526155588b714d76e4b650eb31cc0e77d60363e603c4288f
                              • Instruction Fuzzy Hash: 8CA103B0D00219CFDF50CFA9C8857EEBBB1BF49350F109169E859AB240DB749A85CF85

                              Control-flow Graph (legend: Executed / Not Executed)
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F124D7
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 071248699ecaccd02d0a59ca0b090e0a4179a2f315c058c07e4045436cbfb0e8
                              • Instruction ID: 252de9acd684c49d7f40b27bf2a2addc43e9e41dc47883745c78f9ee8aa78ad3
                              • Opcode Fuzzy Hash: 071248699ecaccd02d0a59ca0b090e0a4179a2f315c058c07e4045436cbfb0e8
                              • Instruction Fuzzy Hash: 60A113B0D00219CFDF50CFA9C8857EEBBB1BF49350F10916AE859AB240DB748A85CF85

                              Control-flow Graph (legend: Executed / Not Executed)
                              APIs
                              • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 06F13FEC
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: 4a4d8a9b17e39f6ba2e732eefe9c1b85cc234ed399fbf4de710f8325cf7f500e
                              • Instruction ID: 0937b0c92f855c850dc3bfe5169803c178ec1e0f5602b5ae72ef2cdb5db09347
                              • Opcode Fuzzy Hash: 4a4d8a9b17e39f6ba2e732eefe9c1b85cc234ed399fbf4de710f8325cf7f500e
                              • Instruction Fuzzy Hash: EA51E0B5D00219DFDF14CFA9D884BAEBBB1BF59300F20A129E828BB240D7759945CF54

                              Control-flow Graph (legend: Executed / Not Executed)
                              APIs
                              • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 06F13FEC
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: 0a2938f7242b42d2ed67b51b3b9f07f633be70d52c54579f66ffd7d58d687104
                              • Instruction ID: de9e4270201c681c610fea16e71b1999b1dc7bf8fc1ef5d34d6117131fd7c63b
                              • Opcode Fuzzy Hash: 0a2938f7242b42d2ed67b51b3b9f07f633be70d52c54579f66ffd7d58d687104
                              • Instruction Fuzzy Hash: 5E51CEB5D00219DFDF14CFA9D884B9EBBB1BB59310F20A129E828AB240DB759945CF54
                              APIs
                              • CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 06F1422E
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CreateFileMapping
                              • String ID:
                              • API String ID: 524692379-0
                              • Opcode ID: 1db259583ce9e8e485e3a3d73e655ab78a9c8f49717f552a4e16992df658e15b
                              • Instruction ID: 2996491f8dbbeacee8f108067923d547d00f7ac224724a3a36891fea6c3d2bf2
                              • Opcode Fuzzy Hash: 1db259583ce9e8e485e3a3d73e655ab78a9c8f49717f552a4e16992df658e15b
                              • Instruction Fuzzy Hash: F051DDB4D00258CFDF50CFA9C885AAEBBF1BF49310F209129E818BB240DB749985CF94
                              APIs
                              • CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 06F1422E
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CreateFileMapping
                              • String ID:
                              • API String ID: 524692379-0
                              • Opcode ID: baa8c9fa28fd779948f161bb93ef272ae33d6dea5810389b20f96f978fc26cef
                              • Instruction ID: 3fd3ad6baa88943aa7d51e6ffe605ab6fe7c33dd17f41698b01567a9e6e5be45
                              • Opcode Fuzzy Hash: baa8c9fa28fd779948f161bb93ef272ae33d6dea5810389b20f96f978fc26cef
                              • Instruction Fuzzy Hash: E951CDB4D003599FDF54CFA9C885AAEBBF1BF49310F209129E818BB240DB749995CF94
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F13030
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: f532a7dace92146630458e45563e50542bbce9b394e842b6887cdf0c7b4db0a0
                              • Instruction ID: 7371a66b707f5e1bcc2c6699166f07c86c76e50fbacb65a7ac7ba647d3a25041
                              • Opcode Fuzzy Hash: f532a7dace92146630458e45563e50542bbce9b394e842b6887cdf0c7b4db0a0
                              • Instruction Fuzzy Hash: C25100B5D01289CFDF04DFA9D984AEEBBF1BF09310F14902AE814BB250D7759A45CB54
                              APIs
                              • MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 06F143E2
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: FileView
                              • String ID:
                              • API String ID: 3314676101-0
                              • Opcode ID: c60567a43e754304229b2453561edc9985c306c2a9951849a6dc83a20408e414
                              • Instruction ID: de818e69074457b5148e453af0b6ab6cef98d6071d86697f7054a2c6f8cd6804
                              • Opcode Fuzzy Hash: c60567a43e754304229b2453561edc9985c306c2a9951849a6dc83a20408e414
                              • Instruction Fuzzy Hash: 5041FBB5D04288DFCF14CFA9D881AAEFBB1BF49310F10942AE814BB240C731A946CF64
                              APIs
                              • MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 06F143E2
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: FileView
                              • String ID:
                              • API String ID: 3314676101-0
                              • Opcode ID: 3cddaf814fd50ed4f91c77ea7e8eebd1e4b8a14ebf0fb1c0cc76a149a640b503
                              • Instruction ID: a953fb7143511ff7f9f65ffeb0bbd8e7f12293907ac04bda098e54fd4b081a21
                              • Opcode Fuzzy Hash: 3cddaf814fd50ed4f91c77ea7e8eebd1e4b8a14ebf0fb1c0cc76a149a640b503
                              • Instruction Fuzzy Hash: D941DEB5D04298DFCF10CFA9D981AAEFBB1BF49310F14942AE814BB250C735A946CF65
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F13030
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 0b9df3765a26dd6145eb0babcaa9f024695ef9c188ef5c1a498ac7ef5a1e7fcb
                              • Instruction ID: ff5f9dbaf922b9aad26cac5cf19feae649fd6328dd231d321591d1957fcfc756
                              • Opcode Fuzzy Hash: 0b9df3765a26dd6145eb0babcaa9f024695ef9c188ef5c1a498ac7ef5a1e7fcb
                              • Instruction Fuzzy Hash: 01419AB5D012589FDF00CFA9D984AEEBBF1BB49314F14902AE414BB200D775AA45CB54
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F12D4A
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: 755d577bee0dafe376f2a741164ca9530f7e50c08341457bdd32408a7e172b73
                              • Instruction ID: 0708761baf32302c7344493bb307d8e93bbdef822920d7119aad3a00c3e4d4c7
                              • Opcode Fuzzy Hash: 755d577bee0dafe376f2a741164ca9530f7e50c08341457bdd32408a7e172b73
                              • Instruction Fuzzy Hash: EA31A8B9D00258DFDF10CFA9D980A9EFBB1BF49310F10A42AE814BB210D775A941CF58
                              APIs
                              • MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 06F143E2
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: FileView
                              • String ID:
                              • API String ID: 3314676101-0
                              • Opcode ID: 964c3106df2b8855ba3f5d24468b708b5113326e99d307478a6fcaac3b2bf8d3
                              • Instruction ID: 72b5a02d1fdf7d2a7604c83675ce64d6f0a6bdf88a01b21304632d9ba91bdea0
                              • Opcode Fuzzy Hash: 964c3106df2b8855ba3f5d24468b708b5113326e99d307478a6fcaac3b2bf8d3
                              • Instruction Fuzzy Hash: 3431A8B9D04259DFDF10CFA9D980A9EFBB1BF49310F10A42AE814BB200D775A901CF58
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F12D4A
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: a88d6e268a7c3a3f452cbccb9669e2feb90e51d00adcc919402cbefc2f056785
                              • Instruction ID: ae54013cfa08fd0aadc843903051686661d698cf8a2db47171b5b4ce78e3f142
                              • Opcode Fuzzy Hash: a88d6e268a7c3a3f452cbccb9669e2feb90e51d00adcc919402cbefc2f056785
                              • Instruction Fuzzy Hash: 9831A6B9D00258DFDF10CFA9D980AAEFBB1BF49310F10A42AE814BB210D735A941CF58
                              APIs
                              • K32GetModuleInformation.KERNEL32(?,?,?,?), ref: 06F13A4C
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: InformationModule
                              • String ID:
                              • API String ID: 3425974696-0
                              • Opcode ID: b62a9d0afd16b5b0488af9e2810446dc1c5ceff0b9f19c43c67f2530cc5f947e
                              • Instruction ID: 20b5726936a8d94a369eecfed7a069baae8dbaa39ddb9738a57bb1f9b5baf15b
                              • Opcode Fuzzy Hash: b62a9d0afd16b5b0488af9e2810446dc1c5ceff0b9f19c43c67f2530cc5f947e
                              • Instruction Fuzzy Hash: FE3198B9D042589FDF10CFAAD884AAEFBB1AB49310F14942AE814B7210D775A945CF54
                              APIs
                              • K32GetModuleInformation.KERNEL32(?,?,?,?), ref: 06F13A4C
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: InformationModule
                              • String ID:
                              • API String ID: 3425974696-0
                              • Opcode ID: da11b82f0fdbea1a3a026fe424ea10a473069a74db8e3a5b4979eed2ab817c7d
                              • Instruction ID: 26ad509c4966f4af07523a0e9d8ec968eaed7136f327a6f2decb8821b832ab0b
                              • Opcode Fuzzy Hash: da11b82f0fdbea1a3a026fe424ea10a473069a74db8e3a5b4979eed2ab817c7d
                              • Instruction Fuzzy Hash: DF31A8B9D01259DFDF10CFA9D984AEEFBB1BB48310F14942AE814B7200D778AA45CF54
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 06F126CF
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: 812aecef68d7ca993edcbd071cc3b2ed552cd699d5960d8d778b826d47059c9d
                              • Instruction ID: da48a0a86dee8a101fd390c957cdea5b7c7351ccf37805fd2370b3b93f9a6018
                              • Opcode Fuzzy Hash: 812aecef68d7ca993edcbd071cc3b2ed552cd699d5960d8d778b826d47059c9d
                              • Instruction Fuzzy Hash: 2731BBB5D01258DFDB14CFA9D884AEEBBF1BF49310F14902AE414BB240D778AA85CF94
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 06F126CF
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: 32570793f4ac0e3e58a81986b65aa4e4955c69ddac071af098af2e6e5dec356c
                              • Instruction ID: 3ef442f28630f97ef43a767a17aaa92771c646573c536b702296030c7077d19e
                              • Opcode Fuzzy Hash: 32570793f4ac0e3e58a81986b65aa4e4955c69ddac071af098af2e6e5dec356c
                              • Instruction Fuzzy Hash: 2B41CBB5D01259DFDB14CFA9D984AEEBBF1BF48310F14802AE418BB240C778AA85CF54
                              APIs
                              • ResumeThread.KERNELBASE(?), ref: 06F13376
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 7ee58324ffb5b746186a42dfa2a0812cef5abd962d432217b62cd59038491a48
                              • Instruction ID: 293922533a76e1c2f68f8ac82ec8304363394aa41302fe0acea5279745d123ad
                              • Opcode Fuzzy Hash: 7ee58324ffb5b746186a42dfa2a0812cef5abd962d432217b62cd59038491a48
                              • Instruction Fuzzy Hash: 5E311DB5C012589FDF14CFA9D982AEEFBB1BF49310F14842AE814B7210CB35A905CF98
                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 06F11EE6
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              • Opcode ID: 1b966efc5ae99f442ee7d21ce96e63de353157251b2bd0ae00c69edd4e0a50d3
                              • Instruction ID: 475118e7fb8cd69a9e8fc25f19193cc9ed02d61bf32aea5155e36e5676cf787f
                              • Opcode Fuzzy Hash: 1b966efc5ae99f442ee7d21ce96e63de353157251b2bd0ae00c69edd4e0a50d3
                              • Instruction Fuzzy Hash: 3631ECB5C01259DFDF14CFAAD884AEEFBB0AF48310F14942AE414B7200C779A901CFA8
                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 06F11EE6
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              • Opcode ID: fe8ce6bfadbe0844e23e5e5166d2d2663ea41f415160b227bd0ea63ebb97e87d
                              • Instruction ID: c2ec4bb9239ab4f1e0e598f35685e47b0267bedbc1dab570123d8af31bc88a64
                              • Opcode Fuzzy Hash: fe8ce6bfadbe0844e23e5e5166d2d2663ea41f415160b227bd0ea63ebb97e87d
                              • Instruction Fuzzy Hash: 3D31EAB5C01219DFDF14CFA9D985AEEFBB0AF48310F14942AE414B7200C778AA01CFA8
                              APIs
                              • ResumeThread.KERNELBASE(?), ref: 06F13376
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 48727444e778b5e0c8c44135e4299fea7c16459207b621713d23fb4de5b4a5e5
                              • Instruction ID: 9fad35f650fe724d16993853be93b57fde3676808d295e623ea83fd3bb5e771a
                              • Opcode Fuzzy Hash: 48727444e778b5e0c8c44135e4299fea7c16459207b621713d23fb4de5b4a5e5
                              • Instruction Fuzzy Hash: A531CCB5D012189FDF14CFAAD881AAEFBB4BF49310F10942AE414B7300CB75A901CF98
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1062d86b667f206b6d10e5e92f8c645453168522e46d56d6bf3c9ffcb96b52e1
                              • Instruction ID: f5811e5b41e34babcf41fce913d0cb5e9d7e7b206bbe5ce8d59f475a902bc177
                              • Opcode Fuzzy Hash: 1062d86b667f206b6d10e5e92f8c645453168522e46d56d6bf3c9ffcb96b52e1
                              • Instruction Fuzzy Hash: 3671F774E00218CFDB94DF68E8997ADBBB6FB99300F108169D50AA7364CB346D85CF50
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b716f405380160adbfff2443b516dece4c6532f70cf922107769dab1e74668a7
                              • Instruction ID: 3d4c8fa73079eeb0f5941505fc24e0be90d868d3e5d6bfeef2650ec9028e4dc8
                              • Opcode Fuzzy Hash: b716f405380160adbfff2443b516dece4c6532f70cf922107769dab1e74668a7
                              • Instruction Fuzzy Hash: 3A71E474E00208CFCB94DF64E899BADBBB6FB5A300F6051A9D50AA7354CB346D45CF50
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7bc7a501a90f02b0b1f43d4c806ea0dfceeb649329f61043a28d9ae049635b5e
                              • Instruction ID: 5d3dc745e6b17dd399b238194df5228e4503e3499a498a89b5395cc1aed743e5
                              • Opcode Fuzzy Hash: 7bc7a501a90f02b0b1f43d4c806ea0dfceeb649329f61043a28d9ae049635b5e
                              • Instruction Fuzzy Hash: 64510876600104EFDB4A9FA8D944D5A7BB7FF8C31471A9094E6098B372DB32DC22EB51
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 46f9dffd057fb315a79fe5b9b4398f15662b9dc30de4007a1dd70a8a26779dca
                              • Instruction ID: c030f111a763720afc0ba1582988420950c241f1856a275abe4996019a92babb
                              • Opcode Fuzzy Hash: 46f9dffd057fb315a79fe5b9b4398f15662b9dc30de4007a1dd70a8a26779dca
                              • Instruction Fuzzy Hash: 8661E774E10208CFDB94DF64E899BADBBB6FB59300F5041A9D50AA7354CB346D85CF10
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bcccf1f30257d07a4b51a567a8d9eff212e946fc66ddc6a3b3ba332d0b89efbb
                              • Instruction ID: 30f25921c52794a1dc51bb10303eada1a94dd9935a05df2dddddc1983885c74d
                              • Opcode Fuzzy Hash: bcccf1f30257d07a4b51a567a8d9eff212e946fc66ddc6a3b3ba332d0b89efbb
                              • Instruction Fuzzy Hash: C0515E34B10609DFCB04EB64E458AAEBBB6FF89721F008119F90697364DF74A946CB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cb301caee2af0f2c433273004441bdf7d1abf090928d21666837241c8772475d
                              • Instruction ID: 6840b97233c662de09e4d772e25b9da0e513f4d27b1b2bec6bfbdabee19bee8c
                              • Opcode Fuzzy Hash: cb301caee2af0f2c433273004441bdf7d1abf090928d21666837241c8772475d
                              • Instruction Fuzzy Hash: B051F574A10208CFCB94DF64E899BADBBB6FB5A300F6041A9D50EA7364CB346D85CF50
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3204a9a40ff8e5cfc08762b4fa37ab944ea1ffbc7f576ad76bb724beb5a05a3f
                              • Instruction ID: 5b134e30ba4bbb61f3635bce77186ee8122575cebcaa9a2dd057ad47cc94115c
                              • Opcode Fuzzy Hash: 3204a9a40ff8e5cfc08762b4fa37ab944ea1ffbc7f576ad76bb724beb5a05a3f
                              • Instruction Fuzzy Hash: CC512735A04209DFCB14CF69C484AAABBF5FF4D310F11896AE94A9B354D331E9C2CB61
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f21132853acbff02bf185e4143be1976bf4a619c8fd55a6f2659036a86060902
                              • Instruction ID: 3f036fa531a6a72cf86342dc2528d0d188e5bc49abb1712c72f0b5d984c7f198
                              • Opcode Fuzzy Hash: f21132853acbff02bf185e4143be1976bf4a619c8fd55a6f2659036a86060902
                              • Instruction Fuzzy Hash: 8C41E135B0020ADFCB48DB68D5146AEB7A7FBC9251B598079C50697254EF398C828B91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bde78d2a0eddc88689c186de86132cb9f07b23736ce7167ddce2873d97c441d2
                              • Instruction ID: dca2ef202fa46a5ac9a6168bed331482d1771e19f249cd964adee17a20509703
                              • Opcode Fuzzy Hash: bde78d2a0eddc88689c186de86132cb9f07b23736ce7167ddce2873d97c441d2
                              • Instruction Fuzzy Hash: 7A419E31A00606CFCB00CF68C484AAAFBB5FF8A324F1596A9D5259B381D731FC45CB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ba9a4f4bebbe949d17c6f869796d82abacda198eb4c3c7e2a83b9a063828f2c0
                              • Instruction ID: a0e6cfdaaaf9e0c64e0829b410885e2c1027418557b9d8d113fdcfa697e5dd63
                              • Opcode Fuzzy Hash: ba9a4f4bebbe949d17c6f869796d82abacda198eb4c3c7e2a83b9a063828f2c0
                              • Instruction Fuzzy Hash: 0841C331A0421ACFCF08DFA9C8906AEB7B2EF4C310F168DA6E5066B251D771D9C78B50
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6fde16d4ad9942582410822302b16e91d4c5584c085d6c3c853dc0eb2d1fe71d
                              • Instruction ID: ac49dec01635520e8f3efdb87f7123d74375b7f28e6372b249c877910db93ae1
                              • Opcode Fuzzy Hash: 6fde16d4ad9942582410822302b16e91d4c5584c085d6c3c853dc0eb2d1fe71d
                              • Instruction Fuzzy Hash: 0F41D674B00215CFD709DFA4D598A9DBBB2FF89314F505158E90A9B3A1CB71ED42CB90
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a5c8db0902080a984ceefb44836fce941edd54d9aa06134263dfea484354f7c8
                              • Instruction ID: 4ab56fa9d118b42537f2c53f89a3870b4d4fd7b8ba19d5a721356fdf0574fcac
                              • Opcode Fuzzy Hash: a5c8db0902080a984ceefb44836fce941edd54d9aa06134263dfea484354f7c8
                              • Instruction Fuzzy Hash: 8E31C134B001099FCB09EFB9C5946AE7BF3AF8E201F640469D502AB391CF719D028791
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c9d6a18a9e71e98229557d349a0ed22a8fbf706c034cd42272819e53b7f6e369
                              • Instruction ID: a593535ee86c8f5025732ce704b7f9153227c65684de3241be03c3f18656e1f3
                              • Opcode Fuzzy Hash: c9d6a18a9e71e98229557d349a0ed22a8fbf706c034cd42272819e53b7f6e369
                              • Instruction Fuzzy Hash: DC51BCB4E45219CFDB25CF68E894BADBBB2FB49340F1045A9E809A3351DB345E86CF00
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: da675ed690416de37ee2526e57ecedf82fe1ccc2647e2186b55ed16fd9aeb56f
                              • Instruction ID: a046a7735f7163e92b013a2fee89149a7027d6db14d3ca10afec2ab7e2a7cd93
                              • Opcode Fuzzy Hash: da675ed690416de37ee2526e57ecedf82fe1ccc2647e2186b55ed16fd9aeb56f
                              • Instruction Fuzzy Hash: ED417B70A003198FDF54CFA9D8846EFBBB1FB88354F009479E816AB250EB349949CB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 656f5e17de396f61a6b54c39c8b1945b797d1f553b2a6fa5b442c53ade4c210d
                              • Instruction ID: 1b3b2fbe346aa598f69641e173ccec8c18eb105832134e35bc54506dd63cfd1b
                              • Opcode Fuzzy Hash: 656f5e17de396f61a6b54c39c8b1945b797d1f553b2a6fa5b442c53ade4c210d
                              • Instruction Fuzzy Hash: 30319070E042099FCB08CFA5D45469EFBF6BF89300F2541AAE905EB341DB70ED468B81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 51012c340841dc8e28c7c547231bba376e470cd10c1c845192e4614408ea890b
                              • Instruction ID: 5a9a4a13bc87b60dca67091485023b6508ee62b5c3666159c94558f68668bacb
                              • Opcode Fuzzy Hash: 51012c340841dc8e28c7c547231bba376e470cd10c1c845192e4614408ea890b
                              • Instruction Fuzzy Hash: 0B318470E1420A9FCB08DFA5C55059EFBF6BF4A300F2541AAE801EB355DB70ED468B91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 58dc0ed090378ccbb4fadd4baebc2cce2d770af22796afc5c43faa88cc1ce0ae
                              • Instruction ID: add134ce6b1ca53e7baeb01e8ad2200897bd9ada4679f007f4911dbbfd8bd01b
                              • Opcode Fuzzy Hash: 58dc0ed090378ccbb4fadd4baebc2cce2d770af22796afc5c43faa88cc1ce0ae
                              • Instruction Fuzzy Hash: 9231F935B04206EFCB18DB64E51467A77BAFBCA352F4980B9C40587245DB39CCC18B91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1bd271ce5e0f8313dbd2d7c1395c3bcb3232fcc64c9193d342da5e681a4d2bb7
                              • Instruction ID: 8bab047a2e93e683cf0202fd7b120d9243ef5dc84c283c0e76aa4e1785a6245a
                              • Opcode Fuzzy Hash: 1bd271ce5e0f8313dbd2d7c1395c3bcb3232fcc64c9193d342da5e681a4d2bb7
                              • Instruction Fuzzy Hash: F621F4353087C1BFEB24CA39D8443AA7BE9EB4C3A4F28597AD846C6280F360D8C4C351
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3da43662281b0620b9a5eff4dc3f73a2b641542c4dcca32cfcc0ad9540b9108f
                              • Instruction ID: fcd00cbba5ffb5af7f77ccf78d9ef9640d3347046d7fb898f7e0b50f7f15d304
                              • Opcode Fuzzy Hash: 3da43662281b0620b9a5eff4dc3f73a2b641542c4dcca32cfcc0ad9540b9108f
                              • Instruction Fuzzy Hash: 7D316135B00204DFCB099F94D848D99BFB2FF8D321B0540A5EA0A9B365DE71EC12CBA0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a42f6010fd4fc7804129e44e3b9e27b27e5547fd345c8d2630844a8d0c4e5b12
                              • Instruction ID: 06a13321b2c44e7c07b96e6b4ad241701e8f8b1e683fde797ffceb083a7c3f4b
                              • Opcode Fuzzy Hash: a42f6010fd4fc7804129e44e3b9e27b27e5547fd345c8d2630844a8d0c4e5b12
                              • Instruction Fuzzy Hash: 0F41E674E112188FEB65DB54CD91FA9B7B1BB58310F1011D9EA05AB395CA31ED81CF50
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0c903f88f5d3ebdad7ca156b70c09749104f2f2b7bea92a1523174efd0a932c4
                              • Instruction ID: 722fbad00d809dc0d020280a0cc62233f87900d5d2a9e41fe6d8cf82dc15bdde
                              • Opcode Fuzzy Hash: 0c903f88f5d3ebdad7ca156b70c09749104f2f2b7bea92a1523174efd0a932c4
                              • Instruction Fuzzy Hash: 4D21D6313057108FD3659E69E844A67BBE5EFC1325B05C1BAE60DC7655DB20EC46C7A0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8382a1576bc2c313b3b97d8b34cb2b607387aa7368c39da7470aa63c8c073eec
                              • Instruction ID: 94070b9c6056dc1776cf4272bee56732ea603561a18d5a2c509c2fb0d425cde1
                              • Opcode Fuzzy Hash: 8382a1576bc2c313b3b97d8b34cb2b607387aa7368c39da7470aa63c8c073eec
                              • Instruction Fuzzy Hash: 03310774E04209CFEB48CFA9D4856EEBBF6EB89300F10D069D915A7354DB345A46CF91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 04d79ada3b999aba85c35cdd99b1474f280c9c9156a84edfcc9bc1ded3d09a77
                              • Instruction ID: 1cd7c6eefe53c0c0ced515399faaf2dd8cb49d2e9f5941474d74b922f6be5439
                              • Opcode Fuzzy Hash: 04d79ada3b999aba85c35cdd99b1474f280c9c9156a84edfcc9bc1ded3d09a77
                              • Instruction Fuzzy Hash: 2931D5357103028FE714ABA8E885AAFBBB9FFC4351B00552EE91ADB745DF759C018790
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9aaec8971b6ebad8b2c4d6c48db60ecf554204ffc04ce2bf889d0369c1d8fd6f
                              • Instruction ID: e32cf4347901155ad40b23040c1bb604e8dcf19ab014d2a012148e5291210f66
                              • Opcode Fuzzy Hash: 9aaec8971b6ebad8b2c4d6c48db60ecf554204ffc04ce2bf889d0369c1d8fd6f
                              • Instruction Fuzzy Hash: 0431C170D05309CFEB54CFA5D848BEEBBF6BB49304F20A069D409AB254D7749981CF40
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d094fed670b3825c46ab25cd53b9aadbb066d2ebfa6a411dd07ee7b04f81bc24
                              • Instruction ID: 04ce5f1d2b746e773f48facd3056ac1c790bf9d7c018cb279628ad972e0dc13e
                              • Opcode Fuzzy Hash: d094fed670b3825c46ab25cd53b9aadbb066d2ebfa6a411dd07ee7b04f81bc24
                              • Instruction Fuzzy Hash: 9D310674E04209CFEB48CFAAD4846EEBBF6EB89300F10E069D915A7354DB745A45CF91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1fbea88e6cacbddae9c4c9e28e86f6c89fd4ead69123b0e6059480493eae320e
                              • Instruction ID: 10ec44f98a6f2ef55481319e9832542989d143f9d210db8167285e8c75ca13c7
                              • Opcode Fuzzy Hash: 1fbea88e6cacbddae9c4c9e28e86f6c89fd4ead69123b0e6059480493eae320e
                              • Instruction Fuzzy Hash: 8331BF30A102059FE758DB78D8457AEBFFAEB88300F40852DE909D7645DEB56D0A8B90
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3c291f43aa1054ae0a5fd93e41be4e525a96f43d43be86dd0618288201b23134
                              • Instruction ID: 4372c84e8a2e10ff4ba85395d70e66368696f064e7bdacc65f179690af3ea109
                              • Opcode Fuzzy Hash: 3c291f43aa1054ae0a5fd93e41be4e525a96f43d43be86dd0618288201b23134
                              • Instruction Fuzzy Hash: DA318134B002098FCB09EFB9C454AAEBAF7AF8D300F614469D506AB391DF719D018B90
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • Instruction ID: 19070f7d1196df06e86dc75cad923718f453dabcb2841aba0960ad16103aca00
                              • Opcode Fuzzy Hash: 1b320091456d03407bc6920a265adbf7ed9b999c136b18c8b1ca97bafbfe79e0
                              • Instruction Fuzzy Hash: F7F0F0313002009BC216B769F85816DFFAAEFCA2A238404A8D64ACB264CE24580997A1
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 243750b649f21c04f3571d056551309468cf5df06d3d172808313f7e1e5b2c8c
                              • Instruction ID: 60a929ffbf0789f736f9cff107351817c4f0b0d61753d32fd51ea56b1a581de1
                              • Opcode Fuzzy Hash: 243750b649f21c04f3571d056551309468cf5df06d3d172808313f7e1e5b2c8c
                              • Instruction Fuzzy Hash: 58F02B12F0D3806FE31606782C543AA7FA59BC7204F0960DAC3418F393DA96980BC351
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9bb2174ebfa551c6e9d067f90abf77627ff5674f7e6e4c447b809ad78620a02e
                              • Instruction ID: d5eb427d90a06016bfda8069a88c068c41c80db59230116125f429cc6403b643
                              • Opcode Fuzzy Hash: 9bb2174ebfa551c6e9d067f90abf77627ff5674f7e6e4c447b809ad78620a02e
                              • Instruction Fuzzy Hash: 31F02471A8E2888BEB14CA60C508539BBA1AB47330F08A0D8CC095B35BDA32CC03C741
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 42ed7086893694f8cc55cf837fc25de53628b465d059d779ff8ea4655e9590da
                              • Instruction ID: df0bb0dbd82e1e02b94f1e9d8b452260167870da3500acab3930d44a8640c4b5
                              • Opcode Fuzzy Hash: 42ed7086893694f8cc55cf837fc25de53628b465d059d779ff8ea4655e9590da
                              • Instruction Fuzzy Hash: 5811F7B4A00219CFDB94DF98D844B9DB7B2FB98300F1090AAD949B7394CB745E85CF50
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d4e71e740e39522b2de7b276bdcbe7e938a71800de6e8d34835da058ed6de9d9
                              • Instruction ID: 680c4037baf6d26994f85ccbb9bb8c014c7731464721350144f42bc9fc2f2b7f
                              • Opcode Fuzzy Hash: d4e71e740e39522b2de7b276bdcbe7e938a71800de6e8d34835da058ed6de9d9
                              • Instruction Fuzzy Hash: 40F05931F043105FE71986089804B6FFBAEEBCD720F045029E6099B342CB71BC4183C0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 53fd86c364ea0ada86ec307e3ce2857a4c26f686059f63397fa0eb7f6a147b8d
                              • Instruction ID: f450eff6d17781658d0d712a4b6c62e6c921789536e84ecba7ad2ec0029740ee
                              • Opcode Fuzzy Hash: 53fd86c364ea0ada86ec307e3ce2857a4c26f686059f63397fa0eb7f6a147b8d
                              • Instruction Fuzzy Hash: 3F01F67280020AEBCF009F99D845AE9BB75FF89324F14861AE96963211D735A5A2DB90
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6a8441ccd070941cae5440e5bb9f3c1a520af730730bcf3aed78d9f0fb8c7f7d
                              • Instruction ID: ba576f36ae39718097332dcc0ee502143b9a3aa3b8cee779af632c264371614a
                              • Opcode Fuzzy Hash: 6a8441ccd070941cae5440e5bb9f3c1a520af730730bcf3aed78d9f0fb8c7f7d
                              • Instruction Fuzzy Hash: F7F02B2130C3C20FCB16177DAC5829ABF66DFC3254B0444EDD18DCB267C9A41D0A83A1
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2feb32eab7d2c04d7215dba0432a814a9c29f3a93c0de6d131eccbdf6166a50d
                              • Instruction ID: cbf65f0aa0c1e1d7d714db08931bf1df3183c3cd814968683b18a689935de3e3
                              • Opcode Fuzzy Hash: 2feb32eab7d2c04d7215dba0432a814a9c29f3a93c0de6d131eccbdf6166a50d
                              • Instruction Fuzzy Hash: 33F05E39A8420C9FCF11CFA8D545A7DBBB5EF06215F6002E6EC58D7322D6318E10DB81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 93a8f13e8d6bc27ea670db0e77cbc4b868c124314b6445af16dd5830283f5fe7
                              • Instruction ID: 10a542dfe442a3a612251f2a16ca745b83dfbb119d60fb2b1edca973ca6d836f
                              • Opcode Fuzzy Hash: 93a8f13e8d6bc27ea670db0e77cbc4b868c124314b6445af16dd5830283f5fe7
                              • Instruction Fuzzy Hash: BBF0A7327002164BC311DB9DE44099BB769EFD23207259636FB0597201DB71F892C6D4
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e6f46c116c45b37f291fe40b8c3c6cfd8c84bc77847216a9f91c4cd52f23e537
                              • Instruction ID: 4320910cfb251356982dd360b993b5060d7b3e18d80072bd641a5cbdd552296f
                              • Opcode Fuzzy Hash: e6f46c116c45b37f291fe40b8c3c6cfd8c84bc77847216a9f91c4cd52f23e537
                              • Instruction Fuzzy Hash: 21F0EC3180020EDBCF05DF95D8409EDBB75FF89320F14C519E95837211D771A5A6DB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3ce5dfe14fa6d43abc8a17abc0e118edd61c933b93d1af607b5c99ab7178d6e6
                              • Instruction ID: ee762b68bb6486da0a5a2808c808374a3b22caa1f3940407b64f5b48f1422739
                              • Opcode Fuzzy Hash: 3ce5dfe14fa6d43abc8a17abc0e118edd61c933b93d1af607b5c99ab7178d6e6
                              • Instruction Fuzzy Hash: 79E0E5313002108782697379B40C06DFE9BEBC47E23404068D54EC7268CF704D0597D5
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8db883024d4abeeb8fda6ce2e6760ee44ad08a437e80c109c0c93e6395c7fed5
                              • Instruction ID: 153d9e5b2df356dfb223e3c148097c7d3a30911baf405da979d21efc436d5f3a
                              • Opcode Fuzzy Hash: 8db883024d4abeeb8fda6ce2e6760ee44ad08a437e80c109c0c93e6395c7fed5
                              • Instruction Fuzzy Hash: B2F0B4311087859FC716E738E454899BFB6EFC63107048EADD0C58A966CFB4690A8361
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f45db41debc03750bad8ce51cf366df1e6cea128433f9ede461aadf616aa6079
                              • Instruction ID: 3124ac64fbfb83c6607ad04b055eadc0a99765355e40090f61091fd9e194cabc
                              • Opcode Fuzzy Hash: f45db41debc03750bad8ce51cf366df1e6cea128433f9ede461aadf616aa6079
                              • Instruction Fuzzy Hash: 83E092617062128BDB50161D7C987DAE7E5EB98B65F900539FD8CC7304EE619C0AC3A0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c20a29a1764925219f1bd5167d66fca5b1b4fb806b0deff9008a77e7c68b0314
                              • Instruction ID: c440e052e63ebb4a535fe220fe983db920380765df891877b938ecda998b5cc0
                              • Opcode Fuzzy Hash: c20a29a1764925219f1bd5167d66fca5b1b4fb806b0deff9008a77e7c68b0314
                              • Instruction Fuzzy Hash: 5BF05835805208EFCB45DF94D881BACBBB1EF48321F14C1A9EC5462350C6369A62EB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3d6c98e3d9927afdddb5d026d413ba4a67ac3a848b46ef7e17f6a71763b3749f
                              • Instruction ID: 2d0a200244e6f7e5b358283a0088f323c63311744f10c8c441b59faf1c730802
                              • Opcode Fuzzy Hash: 3d6c98e3d9927afdddb5d026d413ba4a67ac3a848b46ef7e17f6a71763b3749f
                              • Instruction Fuzzy Hash: 16F0A075404208EBCB04DF80DC41BADBF75FB08310F248159EC1563352C3729A61EF81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9dcf327c56b029ef013a55c2767eaf631546228a7dea1dff45d59370478cc330
                              • Instruction ID: 8af722b14fbf98ec077463a5720c6ef1bd4f30aa56453b564ad99f127168e23f
                              • Opcode Fuzzy Hash: 9dcf327c56b029ef013a55c2767eaf631546228a7dea1dff45d59370478cc330
                              • Instruction Fuzzy Hash: BAE06531200605DBC7149B1AE848D8BBF9AEFC4765B00D93DF54947211DEB5AC05C7E0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6c1da467962c02724df5c31bad19dac68af58d4e731eb79fd5a2dccdc5e72555
                              • Instruction ID: 4a6668d12fea23b67f5894a5f5166b00c7f4aeedf5c6d982beba89bb21159bea
                              • Opcode Fuzzy Hash: 6c1da467962c02724df5c31bad19dac68af58d4e731eb79fd5a2dccdc5e72555
                              • Instruction Fuzzy Hash: BEF015B9D44208EFCB94DFA8C88179CB7F4EB48211F1481E9D819E3340DA719E52CF41
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9ed9a388653c5d25fc287606bce8e318579bf53293576152d76b95cf0e1f07ba
                              • Instruction ID: faa635518a5c82ea4547e253ddd1f5f6f763e6ed5273eb16654f9a51a3982f8c
                              • Opcode Fuzzy Hash: 9ed9a388653c5d25fc287606bce8e318579bf53293576152d76b95cf0e1f07ba
                              • Instruction Fuzzy Hash: F2F03035585208EBCF05DF90E841B9DBFB6EB49310F148159ED0467350C6329A65EB51
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: db8e903c6597351a6421d691e148d24fb0a53b264fee4b6e516d5f2f890a2255
                              • Instruction ID: 30aa08c693897d6ce291f0c1b81c914e3d462c72a1ee47d9a803262ad2f15ab1
                              • Opcode Fuzzy Hash: db8e903c6597351a6421d691e148d24fb0a53b264fee4b6e516d5f2f890a2255
                              • Instruction Fuzzy Hash: 89F0CF70A02219DFEB25DF50CD50BADB7B2BF85300F20809A9A497B280CB752E82CF44
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b77f46082736afc12af78be8b653fafa25daa8cecd69bed93bb08aef53182d2f
                              • Instruction ID: eec57178b796ee147846c09791c99ab6ca2dce6b37e73931639c5a90a7861e84
                              • Opcode Fuzzy Hash: b77f46082736afc12af78be8b653fafa25daa8cecd69bed93bb08aef53182d2f
                              • Instruction Fuzzy Hash: 40F01474E01118DFEB54DF68E484A9EBBF6FB48300F105169E809AB260DB345D45CF40
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5f6b825386465aceb8b401b9aa77059ab49fc4a822e0ee08b296c2b1068c0ffa
                              • Instruction ID: 19c25638513d09fcb7134821c5ec9283c5919e5d5dcf7d1918fabe99197f0797
                              • Opcode Fuzzy Hash: 5f6b825386465aceb8b401b9aa77059ab49fc4a822e0ee08b296c2b1068c0ffa
                              • Instruction Fuzzy Hash: 30E0923260061587C7109F4DE440ADA7BAAFB86721F568465FA0A5B241DF71FC82C7D8
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 998dbc3a9f9a261e16f8661c3af4abbc731472d797664ecec6d68f58c74cd20b
                              • Instruction ID: 256ab34e900312af9927b4129681cc52cc97e3430886d58da94200f8f64332b3
                              • Opcode Fuzzy Hash: 998dbc3a9f9a261e16f8661c3af4abbc731472d797664ecec6d68f58c74cd20b
                              • Instruction Fuzzy Hash: E601C474910218CFEB54CF58D849BDDBBB5FB49305F0051A5E809E7290C7749D85CF81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 74b4e0a71ba4ad6b1b7b72f044adb8c40a63cbc7884ea3c565d69065dc3afd16
                              • Instruction ID: baf8ed513c9965a445e17e6075cf055c4be24ed3ebd6cd17d9df9aaee35385f8
                              • Opcode Fuzzy Hash: 74b4e0a71ba4ad6b1b7b72f044adb8c40a63cbc7884ea3c565d69065dc3afd16
                              • Instruction Fuzzy Hash: C9F0F874E44308EFD784DF98D4417EDBBB9EB88214F1085AAD85893350D6725E42CB81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8ef101579a12b78f4f84f7ca6767fd3939f352171261926a48692699d14059a0
                              • Instruction ID: 6b3d9a262a6921591627a348ab617d954a735cc7baf95bfd81197b9a31058865
                              • Opcode Fuzzy Hash: 8ef101579a12b78f4f84f7ca6767fd3939f352171261926a48692699d14059a0
                              • Instruction Fuzzy Hash: EFF0A0B5C09348AFC705DF94D8406ACFFB8AB46210F1681EADC9493362D2318F42DB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 66d4b721563086167778a9e980067ad4ebf7b679bd00fb7595c9e8bdede68abf
                              • Instruction ID: 2da2df02dc9535fb54acf8e9798a0d225ea0a0307263d45e4cebbae17d4a2cba
                              • Opcode Fuzzy Hash: 66d4b721563086167778a9e980067ad4ebf7b679bd00fb7595c9e8bdede68abf
                              • Instruction Fuzzy Hash: EFF014B4E10218CFEB61CF54E484AADBBB2FB48300F501159E919B7290C77458448F40
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 32534ef1ee6948d6723c026d72f70ab7e52d2513ec1421d7c657133284ea69c3
                              • Instruction ID: 8acb32f6c2480e1dc779c242814e2fbc07ae6548e85f5636244fe5b20ac02cc3
                              • Opcode Fuzzy Hash: 32534ef1ee6948d6723c026d72f70ab7e52d2513ec1421d7c657133284ea69c3
                              • Instruction Fuzzy Hash: CFF03774A00228CFDB51CF58E844BEDB7B2FB49301F4011AAE949AB380C7B55D85CF01
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5d3b1c6767d7eac9a4e52c7859948eb9a3600fe43356948dab810e91d9d8762a
                              • Instruction ID: 7c6931c30d6f58ed20408feb834aba3310b9821e439b378fddac24ff654f941d
                              • Opcode Fuzzy Hash: 5d3b1c6767d7eac9a4e52c7859948eb9a3600fe43356948dab810e91d9d8762a
                              • Instruction Fuzzy Hash: 00F0C474A01218DFDB94CF58E494BEEB7B1FB85301F101095E849A7390CB746E8ACF41
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0d0f9e54dad7951540b30e87ed54a0aadb6680afa4ca1ae2e4fbc78820f80875
                              • Instruction ID: 41a4d031e788e52a90334df312cd0704d64c58a4e68b680e3ad09d6bcaef0aed
                              • Opcode Fuzzy Hash: 0d0f9e54dad7951540b30e87ed54a0aadb6680afa4ca1ae2e4fbc78820f80875
                              • Instruction Fuzzy Hash: EAF06531E04318AFDB09CF58D0597DDBFFAEB44214F0880A5E40597290EF742A82C784
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              • API String ID:
                              • Opcode ID: f10941c5f8fa9e12caa32ee8e8328b680e57311a25f3ef3d7f7feca5c38f9b43
                              • Instruction ID: 69b737ce4d2bfd94ab4db0500f7488992f7245680060c79aff35875fa14ec2ca
                              • Opcode Fuzzy Hash: f10941c5f8fa9e12caa32ee8e8328b680e57311a25f3ef3d7f7feca5c38f9b43
                              • Instruction Fuzzy Hash: 4DE08C34949308DBC708DFA4D445A6CBBB8AB45320F208198CC0823342DA31AE42CB81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f10941c5f8fa9e12caa32ee8e8328b680e57311a25f3ef3d7f7feca5c38f9b43
                              • Instruction ID: fbfb47c9b662d36ef555e86ef506201ee654b273974f298bb44b64805137db3b
                              • Opcode Fuzzy Hash: f10941c5f8fa9e12caa32ee8e8328b680e57311a25f3ef3d7f7feca5c38f9b43
                              • Instruction Fuzzy Hash: 3DE0C238948308DBC708DFA4D450A7CFBB4EB46310F208198CC0823340CA329E43CB81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f10941c5f8fa9e12caa32ee8e8328b680e57311a25f3ef3d7f7feca5c38f9b43
                              • Instruction ID: a7abc9482d0b7d45b85b888572d3eabd78007b0d119c77d981f5529011f16918
                              • Opcode Fuzzy Hash: f10941c5f8fa9e12caa32ee8e8328b680e57311a25f3ef3d7f7feca5c38f9b43
                              • Instruction Fuzzy Hash: 2FE0C234948308DBC708DF94D485A6CBBB9EF45310F20C19CCC0927340DA329E42CB81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f10941c5f8fa9e12caa32ee8e8328b680e57311a25f3ef3d7f7feca5c38f9b43
                              • Instruction ID: 7f475a13f60616d841223c55ab715a8c24b0edea45868c1aa3fd0294c40367e5
                              • Opcode Fuzzy Hash: f10941c5f8fa9e12caa32ee8e8328b680e57311a25f3ef3d7f7feca5c38f9b43
                              • Instruction Fuzzy Hash: 0BE0C234948308DBC708DFD4E540A6CBBF5EB85311F208298CC0923344CA319E42CB81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3b898a9a0e2204d53c16da8dc3d8fca921a48d002f693e316127780957592b6a
                              • Instruction ID: 83b7b1415a8eab1e5d901177455a0b660c3875665b734b453d8fde72bf88f441
                              • Opcode Fuzzy Hash: 3b898a9a0e2204d53c16da8dc3d8fca921a48d002f693e316127780957592b6a
                              • Instruction Fuzzy Hash: DFE08CB0C0630CDFC784EFA8D44569DBBB8AB04200F1051A89808A3214EA305A90CB45
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1f253511a13c649d8a389e8e61e2cb3aedcc6bda2524216d460d7a04eb82790e
                              • Instruction ID: 8c6b1f4d6f59ba7c5e4bf9179991e5d248a873d7d3c7cefd9b6578af63a254a8
                              • Opcode Fuzzy Hash: 1f253511a13c649d8a389e8e61e2cb3aedcc6bda2524216d460d7a04eb82790e
                              • Instruction Fuzzy Hash: 0CE0C27194134CDBCB44EFB8840868E77B9DB44200F0115A5CD44D3250EE718E04D793
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c32f47fbfd8b6367af075b161d64feef2a7c4737f1cfc7daf33dd15e9b632326
                              • Instruction ID: 54915624123f8e9776bfcc3866ae932d1268aa5079081f6be269f615aaaed3b1
                              • Opcode Fuzzy Hash: c32f47fbfd8b6367af075b161d64feef2a7c4737f1cfc7daf33dd15e9b632326
                              • Instruction Fuzzy Hash: 47E0C274C043488F8F50DFB854681A97FF0AB0E105F0845E5C8EAD220AE7304902CB83
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3c493f8afd34631a450750317fa44a5d54c1e94eed75bd11bfe892cdebb40436
                              • Instruction ID: 837c548541a54aa16303c5cd97b6de1a43b39397721d9a645029826223121d0c
                              • Opcode Fuzzy Hash: 3c493f8afd34631a450750317fa44a5d54c1e94eed75bd11bfe892cdebb40436
                              • Instruction Fuzzy Hash: 0FE0C270948308DFC744DFA4C45076CBBB4EF05211F1481D9CC0957341D6319E46CB81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3c493f8afd34631a450750317fa44a5d54c1e94eed75bd11bfe892cdebb40436
                              • Instruction ID: 8e469e3b2bc5cf61985cb48683457f223122a70e2a0871cd94258ce6c7737673
                              • Opcode Fuzzy Hash: 3c493f8afd34631a450750317fa44a5d54c1e94eed75bd11bfe892cdebb40436
                              • Instruction Fuzzy Hash: BEE0C270849308DFCB44DFA4C44066CBBB4EB45211F1481E9CC0853341DA329EC2CB81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3c493f8afd34631a450750317fa44a5d54c1e94eed75bd11bfe892cdebb40436
                              • Instruction ID: e52732a702614cbe9a626bd5b7684b8bf7d75f512d741a6ea0f4cc83f5ccd4dd
                              • Opcode Fuzzy Hash: 3c493f8afd34631a450750317fa44a5d54c1e94eed75bd11bfe892cdebb40436
                              • Instruction Fuzzy Hash: 85E0C230848348EFC794DBA8C44466CBBB4AB05210F1481D9DC5A53341D6319E42CB41
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9d7f9ec14888ba80ebacabe4d2203c07c8e4bf0b36ec76f97981a83f02b4b37c
                              • Instruction ID: 56575d94b650b5c3652b04ab730dc12ee8b9b77b51718f2d7224b1b7a88fe0c4
                              • Opcode Fuzzy Hash: 9d7f9ec14888ba80ebacabe4d2203c07c8e4bf0b36ec76f97981a83f02b4b37c
                              • Instruction Fuzzy Hash: FAE0DF30A09248DFDB01CFB4EA5298DBFB1EF4A304B10819AD80CE3252DA752E09DB41
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b0c0cbae1c977c8bd1c6e4f01774a553909edf149a1e65169f96d955abf944ab
                              • Instruction ID: 8d21be462c3b931f424f4808c1ea8dccbc3e53f77edcceff3b03969402de5211
                              • Opcode Fuzzy Hash: b0c0cbae1c977c8bd1c6e4f01774a553909edf149a1e65169f96d955abf944ab
                              • Instruction Fuzzy Hash: 9AE01230E0430DEBEB44DFB4D9416AEBBBAEB85241F5085A9D909D7341DD716E05A780
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6c75a35ac3a20291432686c33b53ad5a5a31bba7a15e672ae2a594026fa3b4a7
                              • Instruction ID: da45025d98151da550379c20c4c785f8bc426d8b867449ed8122b9125b4ea70e
                              • Opcode Fuzzy Hash: 6c75a35ac3a20291432686c33b53ad5a5a31bba7a15e672ae2a594026fa3b4a7
                              • Instruction Fuzzy Hash: B0D05E7054A208DBC748CE94E840B78F3ADEB46324F14919C8C1A53361CA729E42C741
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 044e81b492c4fead49583cbeae3291413eb2c7e5d21a22b94ee81e10e6360eb9
                              • Instruction ID: 99df8b7c3a58717e1c71c492c17831ab558528b7ce5d26b5dd27b8049cc94952
                              • Opcode Fuzzy Hash: 044e81b492c4fead49583cbeae3291413eb2c7e5d21a22b94ee81e10e6360eb9
                              • Instruction Fuzzy Hash: 3DE01275D402298FEB21CF10DC09BE8BBB1BB08305F0045DAEA09A2280C3B81FC4CFA0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4d9abb8357f81c0394a77b8d63ff7ed6a664bd5b46da541d7cba51784d138382
                              • Instruction ID: 95560c4130e9b45cf77897ad701f0999676029c9e94c6d46e9fe01ff34cb55ac
                              • Opcode Fuzzy Hash: 4d9abb8357f81c0394a77b8d63ff7ed6a664bd5b46da541d7cba51784d138382
                              • Instruction Fuzzy Hash: 2FE01AB4900255CFDB64DF24D849BAABBB6FB4A305F0081A5990EA3764EF345E85CF40
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cc605dbab57b494a6f19035e3eca275d3188f33a1d25e14a46c6dd41958fac28
                              • Instruction ID: b18cfc375ec6c41cbabae516a07d1c51bbf35ec59c1e0a54fe7b40403455582c
                              • Opcode Fuzzy Hash: cc605dbab57b494a6f19035e3eca275d3188f33a1d25e14a46c6dd41958fac28
                              • Instruction Fuzzy Hash: 07E01230A0110DEFDB44DFA4D54169DBBBAEB49300F108199DD0CD3701DA716E019B91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e6639890eddcf0556945d174668d0e079fb9f538aea7153228770637f9db0e61
                              • Instruction ID: 6db0880983024e82665ad647ded95765e097bfd2660b1392d9a20f9424068d65
                              • Opcode Fuzzy Hash: e6639890eddcf0556945d174668d0e079fb9f538aea7153228770637f9db0e61
                              • Instruction Fuzzy Hash: BCE0E574914218CFE764AF64E859F9DBBB6FF45301F00509A980AA7264CB305E81CF95
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: abf2a6309cabd796ae092bd5d7e1563c538d32e66ccefdc6c7dd7a9e2492c6a6
                              • Instruction ID: 54a77a69afea2e81257c6f0baf6a0580c5b0b2645fb9e5ed1137aaac201473cd
                              • Opcode Fuzzy Hash: abf2a6309cabd796ae092bd5d7e1563c538d32e66ccefdc6c7dd7a9e2492c6a6
                              • Instruction Fuzzy Hash: BDE09274A45218DBDB21CF54DD50FADBBB2AB49310F20808AEA09B7381C3766E82CF50
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cda03ad5920b0d6f74992fc1cca3c66408679d520cb0a86d077af58cab20744e
                              • Instruction ID: d46bade2494e6f27456fb302f89a46553fcf6632b395390689c2d9ca2ba0f6fa
                              • Opcode Fuzzy Hash: cda03ad5920b0d6f74992fc1cca3c66408679d520cb0a86d077af58cab20744e
                              • Instruction Fuzzy Hash: B6D0C9B148B3099BC798DAA5A402B6976ACD702220F10669AC80A232609A715E40D75A
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3d4a7a0bb2424121b56aba8df6c07b6a0192c5e4789dd98c16f40ef80402de74
                              • Instruction ID: 28a01ade7a9d5bc27bd4aae044feee83e956e8475c056e09a3a7c0c1bd3029f8
                              • Opcode Fuzzy Hash: 3d4a7a0bb2424121b56aba8df6c07b6a0192c5e4789dd98c16f40ef80402de74
                              • Instruction Fuzzy Hash: F5E01A70E10219CFE794DF65E865B9DBBB6FB44300F104099980DA73A8DB302E458F10
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9791cbd87b16aa56844a3e48055fcf28e6a4eeb817d40b15db221bf856d11fe0
                              • Instruction ID: 23a8c50401da9e91902f025ac719634ab43c3717062a631d2ef25909c31c697f
                              • Opcode Fuzzy Hash: 9791cbd87b16aa56844a3e48055fcf28e6a4eeb817d40b15db221bf856d11fe0
                              • Instruction Fuzzy Hash: ECE0E5749103198FD7A4DB64D8947AABB7AFB84300F008099990DA33A4CF301D89CF45
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9ac7a5d4d170d7d6edab8d968ff1e5947356a7fe1efdbe06a22ff4da82d50c40
                              • Instruction ID: 1ec2d0c553c6e1314d26a7f1d4ea3b123010e93017c8233022b10e508e9df38f
                              • Opcode Fuzzy Hash: 9ac7a5d4d170d7d6edab8d968ff1e5947356a7fe1efdbe06a22ff4da82d50c40
                              • Instruction Fuzzy Hash: 42E0EDB0A00319CFEB649B14D454BAEB775FB85300F004195A84AB3654CB701D448F61
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ff482d78a605a39e19b3bae15ba9e9158efb2c1399e2f4d466f44b1d41214e78
                              • Instruction ID: d6c8938255931ea587371b281808e66012e4b8f71e0b4ba5fb27d921daf61d87
                              • Opcode Fuzzy Hash: ff482d78a605a39e19b3bae15ba9e9158efb2c1399e2f4d466f44b1d41214e78
                              • Instruction Fuzzy Hash: 0EE0E5749003188BDB55EF64D8443EEBBBAFB89300F404199990AA3394CB702D448F91
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7c6801aaeed77a61c3766d4412f6fe4ad26df359eeedb44e559cb7601681d67f
                              • Instruction ID: a8c827d8323eafd2f1ff29f112cc0fe97cda3fcf2913ad23f297ba05d1e9e4f7
                              • Opcode Fuzzy Hash: 7c6801aaeed77a61c3766d4412f6fe4ad26df359eeedb44e559cb7601681d67f
                              • Instruction Fuzzy Hash: E4E01AB0A11118CFDB96DF98D8A869DBBB6FB55304F400058D909B7394DF702C048B00
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 57df401d44f68fe6c528c2e990cad2dc853def390acd549fc8ee846f381548b9
                              • Instruction ID: abc08276155bb601e7a4e91f8670daf83d919376c7bf64f07fa3dc4567e75004
                              • Opcode Fuzzy Hash: 57df401d44f68fe6c528c2e990cad2dc853def390acd549fc8ee846f381548b9
                              • Instruction Fuzzy Hash: 1EE01A709003198BDB54DF14E8547ADBB76FB99300F0041999A0AA7394CB701F44CF81
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fe7d8c902704855e5c9d8fadd3aa209b60ce1133e1f156053f4e1fd5ccd98ca8
                              • Instruction ID: b493f16c0b3f9ebc3e3ee959cc58357b6da96530dfe063b881487c6f9c7b07c5
                              • Opcode Fuzzy Hash: fe7d8c902704855e5c9d8fadd3aa209b60ce1133e1f156053f4e1fd5ccd98ca8
                              • Instruction Fuzzy Hash: 87C08C2211D3ADDD6FD29940C4028FB3355EBC510030036E3C81A5BC20AA114B10DBCB
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0b7cb6dbee2b4af441544e33bf15e5cf81d7c1741e2603f32380a7ac1bfd76a9
                              • Instruction ID: c164de8089d2870ed39ad8ec15cddbafe6dd39a1aa08c2cdc1b7867bb63a46db
                              • Opcode Fuzzy Hash: 0b7cb6dbee2b4af441544e33bf15e5cf81d7c1741e2603f32380a7ac1bfd76a9
                              • Instruction Fuzzy Hash: 29C080347006034FAB55DA3DF51015B3BE69FC87043109628E40ACB744FE34FD064B80
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1cee35556a6fb17ea0911f309cd98583b2bd121909670bcaabc9e54e233e4b94
                              • Instruction ID: 37c4b0df407469e70623213ef62352b57e1e195fc31f59f41a84af0ce390f3a4
                              • Opcode Fuzzy Hash: 1cee35556a6fb17ea0911f309cd98583b2bd121909670bcaabc9e54e233e4b94
                              • Instruction Fuzzy Hash: 73C0122000C7899FEF02133028682687F289E4F11230D4AC7D189DA9ABCB04A88087A2
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7e8c6e2ebae99473ed273be5a680427c9588c3b7920c1985455a94f925142784
                              • Instruction ID: 439b2df757dba459c5779367680cf5d44687c17e2cb6964c652c3235325a74d0
                              • Opcode Fuzzy Hash: 7e8c6e2ebae99473ed273be5a680427c9588c3b7920c1985455a94f925142784
                              • Instruction Fuzzy Hash: 47D0C9B0C0530CDF8B80EFB8950516EBBF8BB08204F1045AAD81EE3205FB3046118B92
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8f51c27592f06ca2bdc23a5fb812bf087bffaf9bc3cf6745599947815355f175
                              • Instruction ID: cfc12193d937d71252ef33b422e3c9217a6c670a46c234aeb58722e7da27c743
                              • Opcode Fuzzy Hash: 8f51c27592f06ca2bdc23a5fb812bf087bffaf9bc3cf6745599947815355f175
                              • Instruction Fuzzy Hash: 14C02B320CE30983C738574DE00C731739C930723BF841D149C2E025238AF04480C31A
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773381115.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: true
                              • Associated: 00000000.00000002.2772007007.0000000006D90000.00000004.08000000.00040000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6d90000_SecuriteInfo.jbxd
                              Yara matches
                              Memory Dump Source
                              • Source File: 00000000.00000002.2737932435.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_3140000_SecuriteInfo.jbxd
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: P$r@6
                              • API String ID: 0-3407898764
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2774167637.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6f10000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: \Vm
                              • API String ID: 0-711957416
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2773604273.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6eb0000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd
                              Memory Dump Source
                              • Source File: 00000000.00000002.2751278244.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5650000_SecuriteInfo.jbxd

                              Execution Graph

                              Execution Coverage:13.2%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:94
                              Total number of Limit Nodes:9
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4
                              • API String ID: 0-4088798008
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4
                              • API String ID: 0-4088798008

                              Control-flow Graph

                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cf2105167c3a0d24aee45a9f62aaf5f62c7f05aa44b3b9807c2f94800de1f59d
                              • Instruction ID: 9a2e26c106391b04978106c17b19a04258890d24c45fc9bc63f71a83ae5a0cba
                              • Opcode Fuzzy Hash: cf2105167c3a0d24aee45a9f62aaf5f62c7f05aa44b3b9807c2f94800de1f59d
                              • Instruction Fuzzy Hash: 73421B34700208CFEB18DF69C594AAA7BF2FF89310B2588A9D506CB765DB71DC82CB51
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e75e24184e756c054d858f81c67b1e277f7bc882de3518796dcf47677406f555
                              • Instruction ID: 5f7652774fe6fa340b2cc7aa630e7d4927e4c43708aaf1e0308037d219a92ec9
                              • Opcode Fuzzy Hash: e75e24184e756c054d858f81c67b1e277f7bc882de3518796dcf47677406f555
                              • Instruction Fuzzy Hash: 7222ED74A10218CFCB55DF68D898A99BBB6FF88300F1485D9E90DA7355DB30AE81CF51
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bcf2861fa813f08ffa652b9159eb81707b8d15116af16f12d936d27eb0eda2f8
                              • Instruction ID: 27ac4a09122a5975d62550f14a098b210042e099876740c6746accadeb90c452
                              • Opcode Fuzzy Hash: bcf2861fa813f08ffa652b9159eb81707b8d15116af16f12d936d27eb0eda2f8
                              • Instruction Fuzzy Hash: 8BB19270B102189FDB14DB69C998BADBBF2FF89300F1581A9D409EB261EB70DD45CB60
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0df97548149e5c9e43f4164831722b31d305cf67b4cb25bd937e881ba640b10e
                              • Instruction ID: 55de70815285a857778859b5a91c765cf057c31053315725832c41754a442b84
                              • Opcode Fuzzy Hash: 0df97548149e5c9e43f4164831722b31d305cf67b4cb25bd937e881ba640b10e
                              • Instruction Fuzzy Hash: C4A1A431A04214CFEB06DF55E845BA9FBBBFBC8300F148165E407A72A6D7749E82DB60

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID: 2
                              • API String ID: 0-450215437
                              • Opcode ID: 17681f1a1a39b00053d3777154fcf16e13405b733f8d14250afc36f93f97b8bd
                              • Instruction ID: 98c27d670b142a0f5eaf473cce98982d6044596d11dbfadffa2e9ac552f2b846
                              • Opcode Fuzzy Hash: 17681f1a1a39b00053d3777154fcf16e13405b733f8d14250afc36f93f97b8bd
                              • Instruction Fuzzy Hash: CA82C774A10315CFDB54DF68D8946ADBBB2FB89301F1085A9D80AE7365EB309D86CF60

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID: d
                              • API String ID: 0-2564639436
                              • Opcode ID: ff31d793e98637b25d195c1c8200d262ba316a7778aa000546eb32be8cba7915
                              • Instruction ID: f7a314adf3a6792d74cb1bd126d585ccfd342c76fd768c013c0ccb4ccd6040c7
                              • Opcode Fuzzy Hash: ff31d793e98637b25d195c1c8200d262ba316a7778aa000546eb32be8cba7915
                              • Instruction Fuzzy Hash: 1BD16A30600606CFDB24CF29C584EAAB7F6FF88310B658569D55A9B761DB70FC86CB90

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 935 fedfc8-fee049 VirtualProtect 938 fee04b-fee051 935->938 939 fee052-fee077 935->939 938->939
                              APIs
                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00FEE03C
                              Memory Dump Source
                              • Source File: 00000004.00000002.3571694169.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_fe0000_MSBuild.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: f678fb50f6d7f6e6f19ba370af086595aecad29fe4c1baa4bf3ea88a761f7ec9
                              • Instruction ID: 044fcb488397a6d37354548333f5429906571bade891a442021d74172cd6b149
                              • Opcode Fuzzy Hash: f678fb50f6d7f6e6f19ba370af086595aecad29fe4c1baa4bf3ea88a761f7ec9
                              • Instruction Fuzzy Hash: 7E11F771D003499FDB10DFAAC484B9EFBF4BF48320F14842AD519A7240C7B59944CFA1

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 943 fee198-fee207 FindCloseChangeNotification 946 fee209-fee20f 943->946 947 fee210-fee235 943->947 946->947
                              APIs
                              • FindCloseChangeNotification.KERNELBASE ref: 00FEE1FA
                              Memory Dump Source
                              • Source File: 00000004.00000002.3571694169.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_fe0000_MSBuild.jbxd
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              • Opcode ID: 9a528c888db820346db1e5c0da65bfef3dae67d10dda1fe6b6903a3fd8caa511
                              • Instruction ID: 55aad97dff41fc34df51d1c11a7f3d1b90f6ebb63c9bff649b3a0e666c80e904
                              • Opcode Fuzzy Hash: 9a528c888db820346db1e5c0da65bfef3dae67d10dda1fe6b6903a3fd8caa511
                              • Instruction Fuzzy Hash: E5113A71D003498FDB10DFAAC4457DEFBF4AF88724F248419D519A7240CB79A944CBA5

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 951 56960e0-56960ee KiUserExceptionDispatcher
                              APIs
                              • KiUserExceptionDispatcher.NTDLL(?,05696508), ref: 056960EB
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670384919.0000000005690000.00000040.00000800.00020000.00000000.sdmp, Offset: 05690000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_5690000_MSBuild.jbxd
                              Similarity
                              • API ID: DispatcherExceptionUser
                              • String ID:
                              • API String ID: 6842923-0
                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID: @
                              • API String ID: 0-2766056989
                              • Opcode ID: 9cedfb297d04bdce901bb88e1e3179ffeb9e68330b865133372607eb3b96be97
                              • Instruction ID: 639a3901616705640b252d2e5476e5080b064533bb10b7072cdafe782511eebf
                              • Opcode Fuzzy Hash: 9cedfb297d04bdce901bb88e1e3179ffeb9e68330b865133372607eb3b96be97
                              • Instruction Fuzzy Hash: 06519C30B002009FE729AF68C4546AE77B3FFC9200B64856DD8069B7A5DF35DC46CBA4

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4b6472d1835ae297b9271b6fa88391fb62631f755b841e9230b7c829e5455f6e
                              • Instruction ID: cbc1ed0e57122eae17a129096084c0a6f10b5b5774db3ae4cbcddfbac2bbeafb
                              • Opcode Fuzzy Hash: 4b6472d1835ae297b9271b6fa88391fb62631f755b841e9230b7c829e5455f6e
                              • Instruction Fuzzy Hash: A3128D31A047049FCB29DB69C448A6AFBF2FF84310F298529E45BCB791DB34E841DB61
                              Memory Dump Source
                              • Source File: 00000004.00000002.3659437834.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 34cf25d82be690babcbb3d9244f82610301ac873108678777ba8b35d6bbb5983
                              • Instruction ID: 0741c36036c21ee1503b42b91e58d392eea7077acdcb7e60fb4e61ac2a917460
                              • Opcode Fuzzy Hash: 34cf25d82be690babcbb3d9244f82610301ac873108678777ba8b35d6bbb5983
                              • Instruction Fuzzy Hash: 77028931F345128BA6285A7944B86FA69A7AFC87D1F24613AD50BCB3C4DFF08C11C792

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cc29bfc8ecea64ae74f0dacc41282aabcf46027a2c61f3b6a03efe9545bd53f9
                              • Instruction ID: a0a565e41033d244518201b48ba13858508c2cba50dfd84841aa5a954cfebeb1
                              • Opcode Fuzzy Hash: cc29bfc8ecea64ae74f0dacc41282aabcf46027a2c61f3b6a03efe9545bd53f9
                              • Instruction Fuzzy Hash: E6227F75B10204DFEB18DF68D895AADBBB2FF88300F148569E9059B3A1DB71ED81CB50

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3659437834.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3659437834.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3659437834.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 264284047a5e74783958660de676a57c24002278b95a505eb8a3bb95b056b896
                              • Instruction ID: 0e40ea4b5dc66808469aed721d2874bdea859145dabddb58d03890f91a86fe1c
                              • Opcode Fuzzy Hash: 264284047a5e74783958660de676a57c24002278b95a505eb8a3bb95b056b896
                              • Instruction Fuzzy Hash: 5E41E73472070247EB0D6A6AD1A82BEBAABBFD8740B54553CE607C7384DFB48C01C685
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e3f813fd01dd5c5aef3eee89f881336d10c7f20f8afc4c46825723e8193f1833
                              • Instruction ID: e9a29f16f3c4dbad78dc6da713b3ccc5e397c5d627aa2f56985198eaa7f71b37
                              • Opcode Fuzzy Hash: e3f813fd01dd5c5aef3eee89f881336d10c7f20f8afc4c46825723e8193f1833
                              • Instruction Fuzzy Hash: 205156B3D2824A8FC7118EB8DDD9B51FF74EF55240B8F5255D849E7389E660C802CA72
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2a5b5d14ef75f8fed3023b3257e411ed501369f30b5858a430412168b0489627
                              • Instruction ID: 58ad70e07d9178ba189ae23c53bcd75e4c5685f7c0de7efe636ebafc9110befa
                              • Opcode Fuzzy Hash: 2a5b5d14ef75f8fed3023b3257e411ed501369f30b5858a430412168b0489627
                              • Instruction Fuzzy Hash: 34517131A00205CFD748DFA9C8507AEBBA6FFC8300F54992DD10A97791DFB5AD068BA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 187378c6b63428e11de36217c441ff7ec11ce10f707a16df1db44fc7663967a8
                              • Instruction ID: 9340d91fb4b7cec930c105bca1b87aacef6bab918e078da8d016e753258f4a34
                              • Opcode Fuzzy Hash: 187378c6b63428e11de36217c441ff7ec11ce10f707a16df1db44fc7663967a8
                              • Instruction Fuzzy Hash: EB511C76600104AFCB499FA8C955D69BFB7FF8C3147198098E2099B372DB32DC22EB51
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3bfb092d4ba3d01bb6f01c8b2e71f245be2d8a5097a2fddd41fa267d70725dd0
                              • Instruction ID: e3023695229e277dbb5a45796340d0a096ff770afe2810d3f5f70fd316552f09
                              • Opcode Fuzzy Hash: 3bfb092d4ba3d01bb6f01c8b2e71f245be2d8a5097a2fddd41fa267d70725dd0
                              • Instruction Fuzzy Hash: C7518D313002059FEB18AF69D4957AE7BA2EFC4744F64452AE806CB391CF79DC42CB94
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2579b6f7118d6641db91fd093a516c2a2989d805f56678a07973669334db095a
                              • Instruction ID: b41de460664257261f4dafd836899698294242ec2f3bd33a1f4ee7081aa55eb0
                              • Opcode Fuzzy Hash: 2579b6f7118d6641db91fd093a516c2a2989d805f56678a07973669334db095a
                              • Instruction Fuzzy Hash: 09515D34B106199FCB04EF64E458AAEBBB6FFC8711F108129F50297364DFB4A946CB91
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a5a5f0223d1b1acf8e943203a342c42431415405a669bbba1b697884c7130f58
                              • Instruction ID: 5fc9cba7b8f401fd3011d54c19cc2915995c5d93f9bbff61d9ba10358333eb1c
                              • Opcode Fuzzy Hash: a5a5f0223d1b1acf8e943203a342c42431415405a669bbba1b697884c7130f58
                              • Instruction Fuzzy Hash: 59417334B102148FDB05AB68C858AAE77B7EFC9700F50452DD402EB394DFB49C86CB95
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f56f50a5a08494ef517123ea6789c623245d5bc2b7f9b4ae1cdd4684f584421e
                              • Instruction ID: 1e6b016429df46050cd4850dfa4fe80c58e5583fc1cbda9e1689bf036285fab9
                              • Opcode Fuzzy Hash: f56f50a5a08494ef517123ea6789c623245d5bc2b7f9b4ae1cdd4684f584421e
                              • Instruction Fuzzy Hash: BD416F35304601DFE7259B24C498BAA7BB3BFC9300F54856DE5068B7A1CBB6EC82CB40
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3820568fea3885de0bc770f832c46e7bd88b240598da19fd259d80022d7de83f
                              • Instruction ID: a97fcc0aea6ec17bc6879ab947a85cc074b4a7a3a8fa2d517f3694d1d54ec95e
                              • Opcode Fuzzy Hash: 3820568fea3885de0bc770f832c46e7bd88b240598da19fd259d80022d7de83f
                              • Instruction Fuzzy Hash: 9741B5317142108FDB15AB68E46877B7BA6EF89705F150428E90A8B3DADA744C078BF2
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 10896ffb64753e33923bf7741923fd1a6f85b85806f8c4d44d6264ceb5b8985a
                              • Instruction ID: 478c50b2ea4ff5a5f0bd6569f96dcdbcbbea5ef849d6b7a4cb4ec7d839d55df0
                              • Opcode Fuzzy Hash: 10896ffb64753e33923bf7741923fd1a6f85b85806f8c4d44d6264ceb5b8985a
                              • Instruction Fuzzy Hash: FF41B131A002458FD719DF68C8507AEBFB2FFC9300F14896DD1459B792EBB1A946CBA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fe4eed004b56ddffba54222a8c0790b3771c977a2b3cc2293ac5b17ed551158c
                              • Instruction ID: 304eabff48535c636b4886eb4c7bfcf7463a187dc57ed13cc28d83d681f62c12
                              • Opcode Fuzzy Hash: fe4eed004b56ddffba54222a8c0790b3771c977a2b3cc2293ac5b17ed551158c
                              • Instruction Fuzzy Hash: D841B5317142108FDB15BB68E46877B76A6EF89705F150528ED0A8B3DADE748C078BF2
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e2a2c33dec9807a5bb2163408bc00961b3ea685f0465daaa4900fecbf44b7fb7
                              • Instruction ID: da8037750b2088ea7421dd982b982d80a64c7622fea2c73a743f5cdff598eba0
                              • Opcode Fuzzy Hash: e2a2c33dec9807a5bb2163408bc00961b3ea685f0465daaa4900fecbf44b7fb7
                              • Instruction Fuzzy Hash: 5841FE31B007149BDB64DB78D9842AEB7F2FF84610F14992ED05AD7B90DB71E982CB80
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 63cda61f982039b2d87da43e3b9d9d031c949b938a077c150008832d6299d4c9
                              • Instruction ID: 753a4c77aa6093d7769f253144ff55f957825412ab3c03e9de9777139194154e
                              • Opcode Fuzzy Hash: 63cda61f982039b2d87da43e3b9d9d031c949b938a077c150008832d6299d4c9
                              • Instruction Fuzzy Hash: F3415870600606CFDB14CF69C480EAABBF6FF89310B558569E51AAB752DB70F841CF94
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 76f282f5ef4edf93d7a28489b337302008666076346fd92c2f9b6830c6e335d9
                              • Instruction ID: 78c913ec6a85ce3df99434af4878ac77d622d7fe0c0809e1f96224a106f050cd
                              • Opcode Fuzzy Hash: 76f282f5ef4edf93d7a28489b337302008666076346fd92c2f9b6830c6e335d9
                              • Instruction Fuzzy Hash: 983132717406149FE308DB68C855F6A7BE6EFC8714F104568E6068B3A2DFB1EC42C791
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 448f877dc593ad0494fe908c739864b506201c5a92ed24ba6b9a898f9fdb1e96
                              • Instruction ID: d7ca0d7cbd5931f88eb3545ffd44607aad61168042ed9041e29fa61440354464
                              • Opcode Fuzzy Hash: 448f877dc593ad0494fe908c739864b506201c5a92ed24ba6b9a898f9fdb1e96
                              • Instruction Fuzzy Hash: B53110357006149FD308DB69C894F6A7BE6EBC8714F104568E6068B3A1DFB1EC42C795
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4c064aae6d5fc25a8e75422427fcc02ca2d7b20cea38ae02f24e6dcd1960787e
                              • Instruction ID: 2d3a97764917ce091c0afc1e150134867223baf5339616e25fff5120f6c6c2f7
                              • Opcode Fuzzy Hash: 4c064aae6d5fc25a8e75422427fcc02ca2d7b20cea38ae02f24e6dcd1960787e
                              • Instruction Fuzzy Hash: FC418834A052548FEB26CB24CC95FA9BBB1BF0A310F1541D9E909AB3E2C671DD81CF60
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8e5fd4b1ab61c3ff104bd3dec47f5ab73bf64e3fe94b663812d5109281d03d1b
                              • Instruction ID: a7255c07ad971d75e3f6100ce586b053821d6dba750607919dbbe57ec3e8d95c
                              • Opcode Fuzzy Hash: 8e5fd4b1ab61c3ff104bd3dec47f5ab73bf64e3fe94b663812d5109281d03d1b
                              • Instruction Fuzzy Hash: 7F31F736A101049FDB45DF98D898EA9BBB2FF48320F1640A8E5099B772C771ED52CB40
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4eb8c7ea3453d159e5633bbcbb73d3a1164b35b483b618d0e2a53499f7281a66
                              • Instruction ID: 7823552370a194726ab42313192ae509bd852074cacfd7b8e46917995fe9d563
                              • Opcode Fuzzy Hash: 4eb8c7ea3453d159e5633bbcbb73d3a1164b35b483b618d0e2a53499f7281a66
                              • Instruction Fuzzy Hash: A0316C753041449FEB15CF2AC894AAA7BE5FF89320B1940A6F906CB371CA71D891CB20
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c5c47de42478b5c20bd2f8aaf4073f4cd54827592e1d891d663af2702ca35613
                              • Instruction ID: d7a1157d6057b71f31ad39a3efeceee73cb3b0ac50ee34dd0afa0f59b6014c2e
                              • Opcode Fuzzy Hash: c5c47de42478b5c20bd2f8aaf4073f4cd54827592e1d891d663af2702ca35613
                              • Instruction Fuzzy Hash: DA310F35A402199BDB14DFA4D855AEEBBB6FF88311F108129D801B7390DBB59D85CBA0
                              Memory Dump Source
                              • Source File: 00000004.00000002.3659437834.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f844e7ba60eec47ba0cee67c6b5347e015ab9b8c2a04d323640810dcb5f72a4b
                              • Instruction ID: 6e6389345ff9503a48140a5fbc01722bce52fe3a7553a8118f13700931b1888d
                              • Opcode Fuzzy Hash: f844e7ba60eec47ba0cee67c6b5347e015ab9b8c2a04d323640810dcb5f72a4b
                              • Instruction Fuzzy Hash: DD2108767282028BEB291A2594686F97A73AFC57D1F24407BD407C72C1DEF48D12C362
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bf289128045ef322317ae5ae50df1e829e3103698cdff4d71e156e94cd71c239
                              • Instruction ID: 54345b1e5b729bf9b9dd5cf157fc6c4a741c14d0ff6693494b1618fded619da1
                              • Opcode Fuzzy Hash: bf289128045ef322317ae5ae50df1e829e3103698cdff4d71e156e94cd71c239
                              • Instruction Fuzzy Hash: B2318535B00204DFCF099F94D958999BFB2FF88310B1541A5E6059B361DF72DC52CB91
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fad4825c583fabe2f6a701e4b18089533f285089e6a5e8f37d6d1aac61dd9bbe
                              • Instruction ID: 3f9b59f8b105245ae1037fad144ac161f719afb0feff920165ac8eab2080899e
                              • Opcode Fuzzy Hash: fad4825c583fabe2f6a701e4b18089533f285089e6a5e8f37d6d1aac61dd9bbe
                              • Instruction Fuzzy Hash: 2B21A7B6A00208AFCB19DFA4D8809DEBBFAEF88210F158566E505D7751DB70ED05CBA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 273ae3e3b4804e4689ceddaeae1ec1b7fe8ea03e9dbf798358f799f9152d1ab0
                              • Instruction ID: 87f7bfad5a15b103efa1cf2fe164db49e413e4b2a8215ae3940bd6afd1df2fd7
                              • Opcode Fuzzy Hash: 273ae3e3b4804e4689ceddaeae1ec1b7fe8ea03e9dbf798358f799f9152d1ab0
                              • Instruction Fuzzy Hash: A62195323086109FE7249B69E884AA6BBE9EBC0321B15857AE50EC7751DFB1EC81C751
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b68484fbb1178b00783227f17a15539e9bbf56a72f39a67861231a5a178dd4dc
                              • Instruction ID: 7bc35bdc728930deb39961c2223d2f2dc71d779ad33f6a1f01f14e1b36d77a16
                              • Opcode Fuzzy Hash: b68484fbb1178b00783227f17a15539e9bbf56a72f39a67861231a5a178dd4dc
                              • Instruction Fuzzy Hash: 5A31C430A25109CFEF44EA15E4457E9B3A7FFC8314F158075D0066B299DB741986CB65
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 44edb89ea96e87a61cdce8b2e5d6a32ad0eded96b413a9e6690e0222ee38c382
                              • Instruction ID: 6eddc7321d092e72fa0fd40a191ab5cc42a74d4bbca8f7b6607094b528d9d55f
                              • Opcode Fuzzy Hash: 44edb89ea96e87a61cdce8b2e5d6a32ad0eded96b413a9e6690e0222ee38c382
                              • Instruction Fuzzy Hash: E02128F28142844BDF01EBB4C98A349BFB0DF05240F5B9686888ADB3E7E5B4D90187E1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0997caffafb99c5cb75e9c8252e8045067acbc9926b731f0493e4dfa6ce24aed
                              • Instruction ID: 0873d664363619e914f6f37677d1b81c465b979eff543c4a3c3b600363b97b5a
                              • Opcode Fuzzy Hash: 0997caffafb99c5cb75e9c8252e8045067acbc9926b731f0493e4dfa6ce24aed
                              • Instruction Fuzzy Hash: 28214CF38282944BDF11EBB4CD89349BBB0DF05240B5B9586CD86DB2D2E2F4D84187E1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1ac0d1c444a6c111c50050be3cbf4a2621375feb7dd9941586790a6c4e97aced
                              • Instruction ID: edfd467c0e3c62e26758d78ff0aca404e5b1a1f5fbc524eb5916eecc18bb653c
                              • Opcode Fuzzy Hash: 1ac0d1c444a6c111c50050be3cbf4a2621375feb7dd9941586790a6c4e97aced
                              • Instruction Fuzzy Hash: 53210CF28183544BDF01EBB4C9893497B70DF45240B5B95468C86DB3E7E5B4D90187F1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f0179c97ffc1caa3baabc12b1a3ffec492f021eb48c4465698734a40d31db8e6
                              • Instruction ID: 5a1ca1ba2033b962f48b6984d00c81e5f6c789dc7d69652479c6a4f48a0e1fd6
                              • Opcode Fuzzy Hash: f0179c97ffc1caa3baabc12b1a3ffec492f021eb48c4465698734a40d31db8e6
                              • Instruction Fuzzy Hash: 51216574B10A098FCB04EF68D5448AEBBB5FF89700B104529D506A7360EF70AE46CBA5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e5a0fe25573466b98d1825e3b23d33e3c096b89a2d1a610e6e8e0b506c969553
                              • Instruction ID: 86ae260d8330771f1c36a277a584c06216c150dc87890808224f49fe1ed17657
                              • Opcode Fuzzy Hash: e5a0fe25573466b98d1825e3b23d33e3c096b89a2d1a610e6e8e0b506c969553
                              • Instruction Fuzzy Hash: EA219F397142008FD655AA69E85872EBB7BFBC9750B240024E906C739ADE649C03A7B5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 58e8f1f44c12e07687113e8a5dbfc134d1cba6ea3639bfcf4d74cc491b3bab42
                              • Instruction ID: 516edd9dcc509e6e30b5718a7f9e94de6efac2897fd589b3aa851d47c73ea47c
                              • Opcode Fuzzy Hash: 58e8f1f44c12e07687113e8a5dbfc134d1cba6ea3639bfcf4d74cc491b3bab42
                              • Instruction Fuzzy Hash: CC212BF38282844BDB01EBB4CD89349BBB0DF05240B5B96868986DB3D3E1F4D80187E1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7e73b0d1bad26c76f94d55338de6796b4f4e81b57113a8a81677172383e7c352
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f2e8907a5ca25a9da2874e2300fa4509d21f104107bf75bc9f7e000f12963598
                              • Instruction ID: 6d269b909116f09cec4374f8f6246c06d93b42d22aaf3fd82815be1e8a625cb2
                              • Opcode Fuzzy Hash: f2e8907a5ca25a9da2874e2300fa4509d21f104107bf75bc9f7e000f12963598
                              • Instruction Fuzzy Hash: 31F03A34B006008FCB45EB38E46866D7BE2EF88301B100069E90ADB3A6EF359C45DB61
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 467cf4fa65164a3917ea828e2495cca8297e1fd622004979abc10de18c806d5f
                              • Instruction ID: b0de032adb5777b394b577a4ced125b2401afe6b7573d422a4abf1a84f3cd360
                              • Opcode Fuzzy Hash: 467cf4fa65164a3917ea828e2495cca8297e1fd622004979abc10de18c806d5f
                              • Instruction Fuzzy Hash: A6E0483130020A9BC7159A1EEC84C4BFF9ADFC0364710EA3DE10A87625DEB4AD49C7D0
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c6840716d58dffb2fd167441ead827f1534a53d92a1133bf548b315ce887dcdd
                              • Instruction ID: 169e6af8cc1bfb422a122c983d7247c157e07d9d25affbdb70d3955754568dd7
                              • Opcode Fuzzy Hash: c6840716d58dffb2fd167441ead827f1534a53d92a1133bf548b315ce887dcdd
                              • Instruction Fuzzy Hash: 9BD05E939993894FE202C1545D122C33F91ABBA715B25A0A29182C77DAE028EC438226
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 295e64cf8b4217a27a04f47b05b9e96489c58e56260585323679ff6249e0bcf6
                              • Instruction ID: 1753b5ef72d6ed95657625858e2e6eaedf778f9e737c29516174d1f4ff2ab5c2
                              • Opcode Fuzzy Hash: 295e64cf8b4217a27a04f47b05b9e96489c58e56260585323679ff6249e0bcf6
                              • Instruction Fuzzy Hash: B3E08630740308ABFB10B6748814BE933A99F47611F30406AEA05AF7C4DDF1D881C7A5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5ea181478bcf8eeb6cff9eb1451b4dab99f57755445ac4960a26ff19b9e57efa
                              • Instruction ID: 5e7c730b04fc45ce4fd0b1a77100a890a3c88df242a6f90786a8d45d2dc5c344
                              • Opcode Fuzzy Hash: 5ea181478bcf8eeb6cff9eb1451b4dab99f57755445ac4960a26ff19b9e57efa
                              • Instruction Fuzzy Hash: C6D05EB26083441FC301C668C899891BBB4DB95510306809AE448CB2A3F531AD0B9251
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 988c95ae97e5e5b374a13d6ee3b611f1c5ce70fa81579278b62d8eb7761d629c
                              • Instruction ID: baf05aab0bed9cd3c7b90bdc4a18f274663e24e927d2f6c1130dc0477dc3a86b
                              • Opcode Fuzzy Hash: 988c95ae97e5e5b374a13d6ee3b611f1c5ce70fa81579278b62d8eb7761d629c
                              • Instruction Fuzzy Hash: 0DD0123150520DEBC710DEB49D0155AB7ACEB05101B1005E9DC09D3200EA32DA109AA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7ec1c49bc785b663b9082e83795480b79be5279350474dc79c9fe45fc7035438
                              • Instruction ID: 63b47f6bef2a9efa48a7b7378108ca1c810172ccd7a2fe73a86360fd1fdbcdad
                              • Opcode Fuzzy Hash: 7ec1c49bc785b663b9082e83795480b79be5279350474dc79c9fe45fc7035438
                              • Instruction Fuzzy Hash: 01E02B3530D7514FD716873DA8148963FF5DF8960030A92A9E085CB327DD60CC06CB60
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6b1f2fbe3d2df86ef916025d8736c0065db31c68830782afc3ef9128a85d0886
                              • Instruction ID: 0165797767032ed097bb0272b8cb7bccd93b5620bf4c1a04aecb6482544b6956
                              • Opcode Fuzzy Hash: 6b1f2fbe3d2df86ef916025d8736c0065db31c68830782afc3ef9128a85d0886
                              • Instruction Fuzzy Hash: 40E0C232A181488ECB01EF78E8444DCFB75FF81316B0183BAD08556001DB319199C791
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d62edd5b7e3f75230ae1df7826afd1a2bcb680b581da0dc9dc24d4ebb4e7ca72
                              • Instruction ID: 3709c151061e9e4383317769717c8cd45a98802e1cdc9c376cd9ccca720a8933
                              • Opcode Fuzzy Hash: d62edd5b7e3f75230ae1df7826afd1a2bcb680b581da0dc9dc24d4ebb4e7ca72
                              • Instruction Fuzzy Hash: A3E0C230A0120DEFDB48DFB8DA417AD7BBAEB84304F1041A9E904AB280DE311F009BA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 584e0ad6a51d3c6e611fff541e44d4b22880499cd6f118597db97984c7956d0f
                              • Instruction ID: e5eb11f6f236f5ea7c8f3ea87451e506c8148d78f1221f9eab972fc2dae99390
                              • Opcode Fuzzy Hash: 584e0ad6a51d3c6e611fff541e44d4b22880499cd6f118597db97984c7956d0f
                              • Instruction Fuzzy Hash: E2D05B312492546FCB05DA84DC51C75BB69DF95721704C09BED448B352D673EC15C7E1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5df723a26aef881b5b5a5a884ac71a44bf015b6ac8c7b77c11fd17be435e3663
                              • Instruction ID: 7cc628e6000edc9eaf892c5117c4b31ce60bf70b605978e08d88c2f7e9b7ea5d
                              • Opcode Fuzzy Hash: 5df723a26aef881b5b5a5a884ac71a44bf015b6ac8c7b77c11fd17be435e3663
                              • Instruction Fuzzy Hash: 01E01230A00209EFCB44DFA8EA4169D7BB5EB88314F2051A9D409E7345EA715F009BA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9a601c4ac715986b2346bb76a0938530d7380512a8c30431f2da21b13b8ce8f1
                              • Instruction ID: 94eb81554b1a1ecbfcc41ce2a40e275ca59b266547ae36720009cf9ccc48e7bd
                              • Opcode Fuzzy Hash: 9a601c4ac715986b2346bb76a0938530d7380512a8c30431f2da21b13b8ce8f1
                              • Instruction Fuzzy Hash: 98D017B26492881FC305C6A8C8A44E2BB719BAB11434680ABE449CF292E52299039610
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f39bd16f7f84c2bd45e9b402126b80733a84a5df0408534dde4e49262c84051e
                              • Instruction ID: 19920d52fad763644edc13c16178e2da0063602fdedc919e3623dd6049fa663b
                              • Opcode Fuzzy Hash: f39bd16f7f84c2bd45e9b402126b80733a84a5df0408534dde4e49262c84051e
                              • Instruction Fuzzy Hash: 85D0127254D3444FCB4283F498A94C07B74DB9B108707CCDAD44DCB193ED22AE038251
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 61cb6eb0c2bb6e897218618b6b5390077a8f722db0d7936c049c9ac793e91f32
                              • Instruction ID: bb559cd9e63285f842ffa59cec69cfb130f4eb354ed15726ef19bdad66fad4c8
                              • Opcode Fuzzy Hash: 61cb6eb0c2bb6e897218618b6b5390077a8f722db0d7936c049c9ac793e91f32
                              • Instruction Fuzzy Hash: 63D05E322041686F8300CA89C810CB6BBEC9A8D120708C05BB958C7241C976ED0287A0
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 99888e61684c14cab312e2cb5d86e010d9dd266d326e0a49b5542e5bf810a924
                              • Instruction ID: 1cd07c78f75c8143f4514e0bf2c3f8e7be1c712c67550a4995713fa9bcf36e73
                              • Opcode Fuzzy Hash: 99888e61684c14cab312e2cb5d86e010d9dd266d326e0a49b5542e5bf810a924
                              • Instruction Fuzzy Hash: 21D05EB61585C24FC3024BA4C955DC1BFB0AE0212030AC0E2E188CBBB3C224D862C354
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 330a4f7f0ba74f7be5e553321db25d31e5aae7f5dd8233d0d83fd0c2cfd222a0
                              • Instruction ID: 953a651aa1087ccf55b76b64b08c671e507984b43654e19a5421f002c87cf5ef
                              • Opcode Fuzzy Hash: 330a4f7f0ba74f7be5e553321db25d31e5aae7f5dd8233d0d83fd0c2cfd222a0
                              • Instruction Fuzzy Hash: 50D0527190120CAB8B00EFB0880058EBBA89B05242B0044AA990897221FE369E006BE1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 441830e6bd2f2714028e27bd04a394666c1562827451d73c1959d6f54cf46727
                              • Instruction ID: f26ff214a9a0f130eba861e5b8b518d5bbc26463a9446e4abfaba7c2e603e156
                              • Opcode Fuzzy Hash: 441830e6bd2f2714028e27bd04a394666c1562827451d73c1959d6f54cf46727
                              • Instruction Fuzzy Hash: 98D02B3032020ACFDB0A9A25D0806B57717FFC4300F248219A00245158DD728982AB51
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ac5d3e2011ef130372c8c9fc7a5f13767ef0d94acdb338572536da1c6380f098
                              • Instruction ID: 44114d2a9497c2f91f76acff68565d1c968ae075b0d0f2b903d6f1312b6c6894
                              • Opcode Fuzzy Hash: ac5d3e2011ef130372c8c9fc7a5f13767ef0d94acdb338572536da1c6380f098
                              • Instruction Fuzzy Hash: 71D0A97190120CEBCB00EFF0C80148EBBF8DF05200B1045EA9508DB222FE369E0067D2
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0b476dc9fc3f697ac181155d6f9d98fe1d0e728bda10e3f1de2026883d710f41
                              • Instruction ID: 399b19409b12bfee8db974d66aa2a96c1138129ff0f8d3e3c5f1b8eb92e7f6bb
                              • Opcode Fuzzy Hash: 0b476dc9fc3f697ac181155d6f9d98fe1d0e728bda10e3f1de2026883d710f41
                              • Instruction Fuzzy Hash: A2D012352001187F9704DA88D841CA6F76DEBC9670714C05BFC0887301CAB3ED12C7D0
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 585718bef94e0d36ecd856acf53b3ed1da04e7b5b36a0a10adee0fbc6bea18b0
                              • Instruction ID: 672dde5ea23269315aa6a427d641d1688acd2e53cc1dd121aa7930aef4a2c062
                              • Opcode Fuzzy Hash: 585718bef94e0d36ecd856acf53b3ed1da04e7b5b36a0a10adee0fbc6bea18b0
                              • Instruction Fuzzy Hash: ABD0127150D3844FC30293A49C65900BF74DE4351434EC0DFD44CCB253D522E8078395
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a40f2374719777b4a659b61ed48840f8758f58c963b65cdf9a22e8ae5b12645c
                              • Instruction ID: 264d1d1e9957df2e5765a4b424f21fbf7494475a8396096125aca5163f1fd962
                              • Opcode Fuzzy Hash: a40f2374719777b4a659b61ed48840f8758f58c963b65cdf9a22e8ae5b12645c
                              • Instruction Fuzzy Hash: 27C0123214D3446FC345D2949C61816BF698A42605348C0DED949CB283C662E80686D5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1a8ace44f2bdecc9e38f1afb9c170ce8d894672be3bbf59b530c6715fbecd08b
                              • Instruction ID: d57551be52d0c7cc7a24b051a2008a457c7c301adfeda308eaa1fcf1ca4c6cdf
                              • Opcode Fuzzy Hash: 1a8ace44f2bdecc9e38f1afb9c170ce8d894672be3bbf59b530c6715fbecd08b
                              • Instruction Fuzzy Hash: D0C012B200D3880FC702E2A48DA1401FF79AE4600838EC1CAD4488B293D556E803C3D1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
                              • Instruction ID: 58c7e918dc9fc6e739d0296992eb27fcb8a7bf4254ad48f247067e0340e6a738
                              • Opcode Fuzzy Hash: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
                              • Instruction Fuzzy Hash: A6C012313402095BD304CA88C842A22B3AADBC8614B14C079A808C7746DE36EC028694
                              Memory Dump Source
                              • Source File: 00000004.00000002.3670867021.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_56b0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7a16b9fc878b4510f7377e1e0aeaa280e9b9406c23c29b26a3a91d684b48cd94
                              • Instruction ID: 61420f155ebcd894d4d6b167bfaf49aef1d36a54bf58c275d133c9079dd9e91b
                              • Opcode Fuzzy Hash: 7a16b9fc878b4510f7377e1e0aeaa280e9b9406c23c29b26a3a91d684b48cd94
                              • Instruction Fuzzy Hash: 90D012720402089FD3008F14D845F40BBB8EF15211F1444A5FD448B362D332E420D650
                              Memory Dump Source
                              • Source File: 00000004.00000002.3660238764.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_52d0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                              • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                              • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                              • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6b3cf73ecc0437b7ba418ab1aa0e16a313d668e98a5c47dae4f63aedb3a58e83
                              • Instruction ID: 1559b7bb1d66cdfc4324202593fed40f7269f97be06a62174427e62a94373c76
                              • Opcode Fuzzy Hash: 6b3cf73ecc0437b7ba418ab1aa0e16a313d668e98a5c47dae4f63aedb3a58e83
                              • Instruction Fuzzy Hash: 8DC00235280208AFD7109A55DC46F457B68AB15B50F554091F7045F6A1C6A2E8109A98
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                              • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                              • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                              • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                              • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                              • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                              • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                              Memory Dump Source
                              • Source File: 00000004.00000002.3671470718.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_57c0000_MSBuild.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 29a437792e0d8bcc99842a458741abf8bfeda5d3a9d8d080e80f7012e0f461f1
                              • Instruction ID: 38a7065eb54df2741fcd0075adf68941b65f268151a6f90072ff018aae462740
                              • Opcode Fuzzy Hash: 29a437792e0d8bcc99842a458741abf8bfeda5d3a9d8d080e80f7012e0f461f1
                              • Instruction Fuzzy Hash: 6DB1E474E06219CFDB64DF68E884BADBBB2BB49301F6091A9D419B7350DB34AD85CF01
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e229ab99753c0c3959a9927204c7fd8b1ff864d4710d839354254716997ee3df
                              • Instruction ID: eac7ebe2b21dc85f63baf8241df767457e5f8ec619e6a457664aceb30f5d120e
                              • Opcode Fuzzy Hash: e229ab99753c0c3959a9927204c7fd8b1ff864d4710d839354254716997ee3df
                              • Instruction Fuzzy Hash: 06C187B4D05629CBDB65CF69C844BD9BBB1BB49300F1082EAD94DA7350EB70AE84DF50
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9a16d4745b00ea9a7312188b00fc177160fe61b2426b25030ac026902865e311
                              • Instruction ID: 3947c1c931ee0687a28f520817240b5fe6f1ce76955a347193b8c0ea526ecd0a
                              • Opcode Fuzzy Hash: 9a16d4745b00ea9a7312188b00fc177160fe61b2426b25030ac026902865e311
                              • Instruction Fuzzy Hash: 3D815735A0020ACFCB24DF69C484AAABBF5FF48718F14852EE84A97751D734ED81CB51
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3233d40cba19c89bc2b02f16d6024452cef39ece9d8d0f32339acadd7864cae2
                              • Instruction ID: cabed53cd6a38f093fe8eb96d8f4d9266d320ff9f4b1fd49f4a51089479d8c75
                              • Opcode Fuzzy Hash: 3233d40cba19c89bc2b02f16d6024452cef39ece9d8d0f32339acadd7864cae2
                              • Instruction Fuzzy Hash: 0E811874A01219CFCB58EFA8E854BADBBB6FF89304F2091A9D419A7354CB346D84CF41
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: be1f3c61d47ba9510db26303ba5912d2ebb34b4557d095c3f8e2d7a356b405aa
                              • Instruction ID: 3fd3223e6a5935020f4f28eb3a602c3dcd47ae9b089b1d6ad586464f3a776c78
                              • Opcode Fuzzy Hash: be1f3c61d47ba9510db26303ba5912d2ebb34b4557d095c3f8e2d7a356b405aa
                              • Instruction Fuzzy Hash: DC81F574E0220ACFCB48EFA9E4946EEBBB6FB49304F20912AD415A7354D7346D45CF90
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1fb16321bdd8210dacde7331e83b50b4e7478093067efdfe26df5eafe06fa130
                              • Instruction ID: 4b3102174a1b424696bdafd5355da9a8f36ccede8a2e4e16ae2c1db9798c1149
                              • Opcode Fuzzy Hash: 1fb16321bdd8210dacde7331e83b50b4e7478093067efdfe26df5eafe06fa130
                              • Instruction Fuzzy Hash: F471E474E0220ACFCB48EFA9E4946AEBBB6FB49304F20912AD415B7354D7746D45CF90
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5b5a605f1584e47a965375b69fb40c2f04734a274eab36ae6df29044a54c949e
                              • Instruction ID: 7c27b7530c00fd80ab3220cb1619bc5857c1269cd8886b7a570e4696bdaa3140
                              • Opcode Fuzzy Hash: 5b5a605f1584e47a965375b69fb40c2f04734a274eab36ae6df29044a54c949e
                              • Instruction Fuzzy Hash: B0810374E01219CFCB54EFA8E894BAEBBB6FB49304F6091A9D459A7344CB346D84CF41
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7cb53d3c678bf68ca596f6d4582de30a269d850998301e7f5c629c76a9f6c714
                              • Instruction ID: c2300eb460b8e8f57dd62c5a2875fef6718788710f60c1262c11c65e3c805e76
                              • Opcode Fuzzy Hash: 7cb53d3c678bf68ca596f6d4582de30a269d850998301e7f5c629c76a9f6c714
                              • Instruction Fuzzy Hash: B5710574A012198FCB58EF68E894BAEBBB6FF89304F2095A9D019A7354CB346D44CF01
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 070b1063cfab0e18fe08d4ab9603d6b8bc14ac7d4206c80da5931b24e257f945
                              • Instruction ID: 59a5dfa49a249b343774cfe2b0810627411ea69f92ce3199e72c313c8732bf84
                              • Opcode Fuzzy Hash: 070b1063cfab0e18fe08d4ab9603d6b8bc14ac7d4206c80da5931b24e257f945
                              • Instruction Fuzzy Hash: 0B710574A01219CFCB98EFA8E890BAEBBB6FF49304F205599D059A7340CB346D44CF01
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 67ecfb490ddc3909dba20362f9f31058e7c17f5e775d5de5a1eac87c711e2d00
                              • Instruction ID: f54cc2937b2057da0ff972df326be1c23d9e91643ca9d29b305a2133981ac2b4
                              • Opcode Fuzzy Hash: 67ecfb490ddc3909dba20362f9f31058e7c17f5e775d5de5a1eac87c711e2d00
                              • Instruction Fuzzy Hash: B561E574A01219CFCB58EFA8E894BAEBBB6FF49304F6094A9D419A7354CB346D44CF01
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dba3354f6ee52f24c94205c1ebd9dc11e730252c658afb971d876ef60e8bf4b9
                              • Instruction ID: c94c44fe44802cad70f6d5a911cf7d5ee54bc9eb949f63d187d0a10bc19983a2
                              • Opcode Fuzzy Hash: dba3354f6ee52f24c94205c1ebd9dc11e730252c658afb971d876ef60e8bf4b9
                              • Instruction Fuzzy Hash: 05510674A01219CFCB99EFA8E894BAEBBB6FF49304F609499D059A7354CB346D44CF01
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 843ab1aec0646b5f64f0ebf5ad54e497fabcee1b3f630f78b0ef478a969d0ab1
                              • Instruction ID: 5f5db79995636e84ac514a950653aa2831445003668083d68a21f38607e1bfc7
                              • Opcode Fuzzy Hash: 843ab1aec0646b5f64f0ebf5ad54e497fabcee1b3f630f78b0ef478a969d0ab1
                              • Instruction Fuzzy Hash: AA41AC31E0420ACFCB00DFA8C8806EFBBB1FF89708F55856ED505A7251D735AD568B60
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 64eda1f08199d653a884eaf1c8d7c58ff4d09f65e3a389f1e2795ed7e42686ed
                              • Instruction ID: 2e783c397e66df207d02baf188b91f7292577eebf5645a1aad5669f3212add0b
                              • Opcode Fuzzy Hash: 64eda1f08199d653a884eaf1c8d7c58ff4d09f65e3a389f1e2795ed7e42686ed
                              • Instruction Fuzzy Hash: D7514835A00209DFCB10DFA9C484AAABBF9FF48714F10856EE84A9B751D330ED41CB65
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7b7128d018a73d0a1c7a66fe3fb86e913379aee6017f002b2564b900f8b4fe28
                              • Instruction ID: 014da7be2c6054b65c2371020ff2d05eeffe0272066d11a3c41ccc26df41b868
                              • Opcode Fuzzy Hash: 7b7128d018a73d0a1c7a66fe3fb86e913379aee6017f002b2564b900f8b4fe28
                              • Instruction Fuzzy Hash: 8A41C134B00209DFDB58EB68C424ABF7BA6BBC8A04B148529D1069724ADF31CC52A781
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2a69ae0db26936376fd0ee6dfa7f403d2d1162941507e837bbd354b469f77e23
                              • Instruction ID: 3e55c01402519cc051fa3409e2c0af6a48d06ad48315ee7ffc36d95079aac0cc
                              • Opcode Fuzzy Hash: 2a69ae0db26936376fd0ee6dfa7f403d2d1162941507e837bbd354b469f77e23
                              • Instruction Fuzzy Hash: E2414F74F002198BDB18DBA9E494BEEBBF6BF88700F648129E505B7354CB71AC41CB90
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1a63c858a7da931ff262331540cd69f217f984d3f5e77d259e03bad57fc964f8
                              • Instruction ID: 4353744df8f9b093ef9222187b4cc96a43fcc0e7de8f6b06a732ce877c2a3ddd
                              • Opcode Fuzzy Hash: 1a63c858a7da931ff262331540cd69f217f984d3f5e77d259e03bad57fc964f8
                              • Instruction Fuzzy Hash: B2318131B0020ACFDB09CFA5D45069EBBF2BF89304F25459AE505EB381DA70ED458B80
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e582093a4e68e3655805e639e017ee14e69261414b807a7216ad7d979f551232
                              • Instruction ID: f235279cafddf50bad6105442021b3236725ab310611c794564b2f51def0103e
                              • Opcode Fuzzy Hash: e582093a4e68e3655805e639e017ee14e69261414b807a7216ad7d979f551232
                              • Instruction Fuzzy Hash: 2B319070B1124ACFDB09CFA5C45469EBBF2AF85704F2545AAE405EB392DB70AD468B80
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d999ad1f7ffa6df8fe290b9a99bf31bd11e3478508a30257b88c4bba254c0d98
                              • Instruction ID: c158176b03eb54f30febac9bb27b40330dae1563bb4b731f6e435b66819a10c1
                              • Opcode Fuzzy Hash: d999ad1f7ffa6df8fe290b9a99bf31bd11e3478508a30257b88c4bba254c0d98
                              • Instruction Fuzzy Hash: 0031D734B04208DFDB58DB24D520A7B3BBAFBC9A15F54847DC5068764ADB35DC12A781
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8c938edf0494e99698f16a240b136a17d367226b1fffce1e824c905386f63edd
                              • Instruction ID: d7efa04a2ab699855f5f0fe23a32c8b8e9b6f13275f99d068097797a066e7a37
                              • Opcode Fuzzy Hash: 8c938edf0494e99698f16a240b136a17d367226b1fffce1e824c905386f63edd
                              • Instruction Fuzzy Hash: D321D33930C749DFF721897DD8447AA7BD8EB40B5CF04493ED446C6683E6A1DC85A750
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 86bf0469738217f751fb567a87d713458ed5396ea91414b7720e54c1b6f62c97
                              • Instruction ID: 0ecc1a92ecb4224e3948725cab0c8f459ff75fe0b4208d6ebd5e2a007d1ff64e
                              • Opcode Fuzzy Hash: 86bf0469738217f751fb567a87d713458ed5396ea91414b7720e54c1b6f62c97
                              • Instruction Fuzzy Hash: EB317234B101098FCB09EFBDC554AAEBBF7AF88700F51446DE502AB391DE75AD029B90
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 27a2c2bc88214ae7fd909f7f193f7861877629d75163b22ea9a3b4b38b5539c1
                              • Instruction ID: 67e925649a6bf4c00480b3e706c2d628ccd9e8f3cba02218574c48724dffe830
                              • Opcode Fuzzy Hash: 27a2c2bc88214ae7fd909f7f193f7861877629d75163b22ea9a3b4b38b5539c1
                              • Instruction Fuzzy Hash: AF315034B101098BCB09EFBDC5546AEBAF7AF88700F61446DE506AB391DE759D019B90
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5fb7ba2b0fde3874fb37708882d60f9566e5c8b289c342777a1fd1ff099583b6
                              • Instruction ID: 2a5a55f44700ff7673f1cb2da0af1fe485ed51bfc04edc639f9b06886b6b3a1b
                              • Opcode Fuzzy Hash: 5fb7ba2b0fde3874fb37708882d60f9566e5c8b289c342777a1fd1ff099583b6
                              • Instruction Fuzzy Hash: 36313E34B1020ACFDB08CFA5D58099EBBF2BF88304F65855AE905EB351DB71ED468B90
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f61f36188b1143b158e41bade09a455c3a4392e440399c810a6006a17d3a76e3
                              • Instruction ID: 729291c64a0392e9146e53b69063d52622f34c0bb1b7c02d88170ccd46c204fc
                              • Opcode Fuzzy Hash: f61f36188b1143b158e41bade09a455c3a4392e440399c810a6006a17d3a76e3
                              • Instruction Fuzzy Hash: FB312174B00119CFDB18DFA9D498BADB7B5BF88709F144469E906DB3A1CB709C02DB50
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cd11a7e4fe55937193ee33eef900d70c0ee72ba932895b052fbd3eb94048bdc7
                              • Instruction ID: 70bb014d96ae95a331384eed857038698fbcfc5f449e021abb480b6f264c58a1
                              • Opcode Fuzzy Hash: cd11a7e4fe55937193ee33eef900d70c0ee72ba932895b052fbd3eb94048bdc7
                              • Instruction Fuzzy Hash: 8621C731A042468FCF04CF69E58059BBBB5FF8532476486A6D818EB246E330E916CBA1
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 17a3e22525ea0369deef64e8894ab0e34d2b73ad6c762038882cc74f2ab4eb62
                              • Instruction ID: 1582a80dd534538b41db8c675f3e0b46a3e289de8703d65247412d8b90409730
                              • Opcode Fuzzy Hash: 17a3e22525ea0369deef64e8894ab0e34d2b73ad6c762038882cc74f2ab4eb62
                              • Instruction Fuzzy Hash: F521B578A01109CFCB04EFB8C4545AEBB76FFC9305B4085A9D405EB355DB38AD0ACB91
                              Memory Dump Source
                              • Source File: 00000006.00000002.3306185259.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_133d000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cf26cf7a5d50404950fa38ccff2b4de8afcf08ba844c97c0f08031f2872a3c4d
                              • Instruction ID: 490a4b4dc7dab6bd0c725c10bbbecae0aff9b113d1cc75c36e210030ca57ae37
                              • Opcode Fuzzy Hash: cf26cf7a5d50404950fa38ccff2b4de8afcf08ba844c97c0f08031f2872a3c4d
                              • Instruction Fuzzy Hash: 91214272104244DFCB15DF88D9C0B2AFF69FBC4B28F608569E9090B242C336C40ACBA2
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bd4d1d6a3590473917b88f697a1e1b90a324b2a215e8773cfcd8926f0119cb57
                              • Instruction ID: 72ca1b8213e378c8bcb51dde6f0f4246da67d6fe3631fdc391d02a81ad0cc559
                              • Opcode Fuzzy Hash: bd4d1d6a3590473917b88f697a1e1b90a324b2a215e8773cfcd8926f0119cb57
                              • Instruction Fuzzy Hash: E1218E34700615CFD31ABB78E46806E7BAAFBC9305F40496DE44783398DF36A81AC799
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 99d32f6f37d0ad75c06a2e1f52306d43de0ade5c211297bec627caecabdfa4ca
                              • Instruction ID: dc80ddf910737bc40ba0701ab1f7b0d810a174e3153f10d2dfa8af7c1d5f1804
                              • Opcode Fuzzy Hash: 99d32f6f37d0ad75c06a2e1f52306d43de0ade5c211297bec627caecabdfa4ca
                              • Instruction Fuzzy Hash: DE21D771A002099FDB04DF98D944ADDB7F2FF89300F1041A9D605BB3A5DB75AD45CBA0
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f1ecd04ee01fc99d54a62d29b423d4e755458f44b30e00ddd165ae39aa9d47e3
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: db1643ac256718fb1c1154ebde2430c28ca483b1e8633491f1f2038924852558
                              • Instruction ID: a761867c523248bae43f38e01c16c8612930c58e3cfb1e9bd211f31419f1f299
                              • Opcode Fuzzy Hash: db1643ac256718fb1c1154ebde2430c28ca483b1e8633491f1f2038924852558
                              • Instruction Fuzzy Hash: 98F0A974C08248EFC702CFA8E4545ACBFB4EF0A300F2241EAD890A7362E6709E50CB41
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c7d3ddd3e00bc77ed6950ee306d2f0f193a5ed3fce9c814975160e21d8e990a1
                              • Instruction ID: 5c16e8941e0601325e93c80bb636e40571b3f9c1e6108e53aae1c9c2bb44c87b
                              • Opcode Fuzzy Hash: c7d3ddd3e00bc77ed6950ee306d2f0f193a5ed3fce9c814975160e21d8e990a1
                              • Instruction Fuzzy Hash: 3FF01270941259DBEB20CF48CE40BACB7BAAB05300F20848AD609B7380C3329E81CF44
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9d260b2169dd4db0592a5ef582758b8a38656ea226a71d77a709dede7e16e82b
                              • Instruction ID: 13abc2b8c9f73740ab4c306fdb81acdb3491e5de5fe9fd540c880e63a36b149c
                              • Opcode Fuzzy Hash: 9d260b2169dd4db0592a5ef582758b8a38656ea226a71d77a709dede7e16e82b
                              • Instruction Fuzzy Hash: BEE02634909308DBC705DF98D5516ECBBB8EB45314F2082DEE80477351CB31AE91CB95
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 34530b0082dd17f724fbf864d1c8c065b97f348139deea9250be153398253fe4
                              • Instruction ID: 10a4e2523af7fa782e0e94f8734af07c175d3b0666b336436d25c9318ed5b24b
                              • Opcode Fuzzy Hash: 34530b0082dd17f724fbf864d1c8c065b97f348139deea9250be153398253fe4
                              • Instruction Fuzzy Hash: 6DE092348192899FC781DFA4C45066CBFB4DF0A204F2582DEC8449B386D6319E59DB51
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cb789da8b03d2d7e4f1b055c189abcb92f23018082e7c54a066bc0176a9b4946
                              • Instruction ID: a20fb974572df4063fc90add72f6ce05eda85e10b5bf34284c944e0833c43ac9
                              • Opcode Fuzzy Hash: cb789da8b03d2d7e4f1b055c189abcb92f23018082e7c54a066bc0176a9b4946
                              • Instruction Fuzzy Hash: 9FF03AB4A0521DCFDB28DF24D854BAAB7B1FB0A305F0401D4C90AA7750CB309E85CF02
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9ed5ce53ff793668eed33620ac53728f7ae779b3ac3a4a19a34d8e65fc31525a
                              • Instruction ID: 99ef0e6163040fe359a444a54af926a096e5aad61cd9916bade1bcd7ef46e114
                              • Opcode Fuzzy Hash: 9ed5ce53ff793668eed33620ac53728f7ae779b3ac3a4a19a34d8e65fc31525a
                              • Instruction Fuzzy Hash: B5E06535808208EBCB04CF90D840AADBB79EB8A300F20C299EC0423354C732DEA1EB81
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bdf7202832c5f319e30d92012168efae3cb21256029c0181c9dddfc582062c75
                              • Instruction ID: 1d5395cbb80ea5a40996273e8059262481993a9beec9d47eb9ea09b26d71e016
                              • Opcode Fuzzy Hash: bdf7202832c5f319e30d92012168efae3cb21256029c0181c9dddfc582062c75
                              • Instruction Fuzzy Hash: 66F0DF759012699FEF39AF60D814BDCBAB2FB58300F5044D9D10E632A0CB750E84DF10
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9ed5ce53ff793668eed33620ac53728f7ae779b3ac3a4a19a34d8e65fc31525a
                              • Instruction ID: db2316fb0f7708e65d0f4e76d0c65f12e9f4b48e313f8a3e8252687f09d75ec1
                              • Opcode Fuzzy Hash: 9ed5ce53ff793668eed33620ac53728f7ae779b3ac3a4a19a34d8e65fc31525a
                              • Instruction Fuzzy Hash: 8FE06539804208EBCF05CF90D840AADBB79FB48301F208699EC0423351C7329EA1EF81
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5c3806b9814844b756a404ce3ae879829fe15865b97c6e6f487be3d256fec6b6
                              • Instruction ID: 3e9057cc4a4fb5ec02dabeb89e48120ff4a079a274f5bf76bb07cb4cc10bf009
                              • Opcode Fuzzy Hash: 5c3806b9814844b756a404ce3ae879829fe15865b97c6e6f487be3d256fec6b6
                              • Instruction Fuzzy Hash: EEE0C9B4D04208EFCB44DFA8D444A9CBBF5EB59310F20C1AAD818A3344D636AE51DF45
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5c3806b9814844b756a404ce3ae879829fe15865b97c6e6f487be3d256fec6b6
                              • Instruction ID: 7aa65517d3c7bae106fa2c292bc21f7c3d5d82a288831b4dea308abe15dde248
                              • Opcode Fuzzy Hash: 5c3806b9814844b756a404ce3ae879829fe15865b97c6e6f487be3d256fec6b6
                              • Instruction Fuzzy Hash: 8BE0EDB4D04208EFCB54DFA8D544A9CFBF4EB58300F20C2A99818E3344D6319A51DF85
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e91632bd1cd7d27321577858dc2d2495fb31d7062d8c5fb779f53bcd7a975bbd
                              • Instruction ID: d961adaaa6c3cbf34a017d468b2092dfb1c0ba208f9255a272a297a138604668
                              • Opcode Fuzzy Hash: e91632bd1cd7d27321577858dc2d2495fb31d7062d8c5fb779f53bcd7a975bbd
                              • Instruction Fuzzy Hash: EEE0E5B4E04208EFCB84DFA8D4446ACBBF4EB48304F2082E99818E3340D7759E41CF41
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 72012e4a68e06714983b79e0bae73e5c51b402096f1b24c38408720ca736a48d
                              • Instruction ID: aac8145134d8ba5cab12bdc1c597333915599062a2220fc661564982da47d7b5
                              • Opcode Fuzzy Hash: 72012e4a68e06714983b79e0bae73e5c51b402096f1b24c38408720ca736a48d
                              • Instruction Fuzzy Hash: 79E04FB0E0524CEBCB54EFB8D548B5D7BF8EB49305F1046A9D908E3340D6705A54CB95
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f97a4b766bed352a2a63ff7a69e99ade9f8acca6bfbbb035a41df9b905f1a6cb
                              • Instruction ID: 1f7f082d1a432232f15901eac5e46cfd69c53eabb1f928f608491a8b5f613603
                              • Opcode Fuzzy Hash: f97a4b766bed352a2a63ff7a69e99ade9f8acca6bfbbb035a41df9b905f1a6cb
                              • Instruction Fuzzy Hash: 97E0E5B4904248ABCB44DF94D591AACFBB9AB48300F2082AA985863341D6719E51DB85
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e1aff46854b7e3e33d32e3ad2ba93374aaceea49aab7e1f11d59eda5c41d406c
                              • Instruction ID: 2ba9ef4d58936c087fc5262f38b9475a2ec87fedc1b9b9c30e4b22c11592fa50
                              • Opcode Fuzzy Hash: e1aff46854b7e3e33d32e3ad2ba93374aaceea49aab7e1f11d59eda5c41d406c
                              • Instruction Fuzzy Hash: ACF0F23480522DCFEB60CF10C944BE8BBB9BB08308F208199C80D63381C7349E86DF00
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ee296cf01acbfc8ac1f1c438aececec8ef10825014d84780ef466b51653eb8fa
                              • Instruction ID: 45c3f2ae84889b8f03cef734f241a9fe749955ca98a12cb711ec88381d0215ad
                              • Opcode Fuzzy Hash: ee296cf01acbfc8ac1f1c438aececec8ef10825014d84780ef466b51653eb8fa
                              • Instruction Fuzzy Hash: 03E086F4908248EBC744DF94E845A6DBBB8AB95301F1082D9D94497341C631DE91DB95
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8fe31f607e55eecedac8149d5b7e9f07d84b20338de5e1bd0970ced517e89933
                              • Instruction ID: 28accbc043a98b9d8d3d7a4a2c4e305ba4b7e31e933c9d3358c5910b67f8463d
                              • Opcode Fuzzy Hash: 8fe31f607e55eecedac8149d5b7e9f07d84b20338de5e1bd0970ced517e89933
                              • Instruction Fuzzy Hash: 76E04FB4D04208EFC744DFA5D4446ACFBB8EB49305F10C2E9D85893341D6319F41DB85
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction ID: 7da301444575608391ac325b2b81b4445f6cdc84f2ce987570bb156235d2d95e
                              • Opcode Fuzzy Hash: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction Fuzzy Hash: 3BE08C34908208DBC704DFA4D441A6CBBB8AB45315F3082DC880823341C6329E42DB85
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction ID: 822c7fffd3a42b5da55a0e0996749bcfd565b95566f2864d38451a75cbd8a544
                              • Opcode Fuzzy Hash: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction Fuzzy Hash: FCE0127490924CDBC704DFA4D541A6DFBB8EB45309F20C2DDD80967341DB719E52DB85
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction ID: f9e2fd7053b777394bc0a2b38a6813552509df09a8e190c4c071f7711fe188ab
                              • Opcode Fuzzy Hash: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction Fuzzy Hash: E3E0C23490820CDBC704DF94D840A6CBBB8EB45304F2092DCC80863340C7319E42CF85
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction ID: 91cd7e9fae628348c12d091d657282edfe6040cf234bc7faa85e939e48f8f6ab
                              • Opcode Fuzzy Hash: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction Fuzzy Hash: 54E0C234908208DBCB04EF94D550AACBBB8EB45304F2082ECC81823344CB319E42DB85
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ba0fb8d8102f977093c50b0af739d6ffa5f5d4d974bcab951068377d2bac97e0
                              • Instruction ID: c68e2bdfdaae49d7edf431039de13a0d10f26e16755201079f5349e628fab665
                              • Opcode Fuzzy Hash: ba0fb8d8102f977093c50b0af739d6ffa5f5d4d974bcab951068377d2bac97e0
                              • Instruction Fuzzy Hash: C7E0C77180120CEBCBC1EFB88804A8E7BF9EF44200F1006E98908A7200EEB14E00E7A6
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction ID: bb83ce29bdd1590093372db567cdcb30ae5e66916df320a69cf98b8836cb3708
                              • Opcode Fuzzy Hash: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction Fuzzy Hash: 0FE0C234908208DBC704DF94D540A6CBBB8EB45304F2082DCC80823350CB319E92CB95
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction ID: c6044a558cefde4f2aa1906ad88afda47cbf5a04507e6ebb166c0bef7bb0cc52
                              • Opcode Fuzzy Hash: 735a2f6afaa0e28cca04d0cb925a5b9093b2509e5e0deca6162f115c7a960103
                              • Instruction Fuzzy Hash: B3E0C234908208DBC704DFA4D540ABCBBB8EB45305F2182DCD80823344C7319E42CB85
                              Memory Dump Source
                              • Source File: 00000006.00000002.3399847142.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_7850000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5afba2a04c25ace64fff87be9c58182ea326ca7d9963b194761a4bee53a5e76b
                              • Instruction ID: 2f043b0484d255870b3424a65a9687236e79c3f281bae97b3347175dd92153dc
                              • Opcode Fuzzy Hash: 5afba2a04c25ace64fff87be9c58182ea326ca7d9963b194761a4bee53a5e76b
                              • Instruction Fuzzy Hash: BFE0C2B4909208EBC704DFA4D848A6CBBB8EB45304F2082D9C80867380C631AE42CB95
                              Memory Dump Source
                              • Source File: 00000006.00000002.3307440634.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_13c0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 519c1c3ec21b4bd09910f671c6c45937fe39b394c5d088373644b86ee5d04288
                              • Instruction ID: c0db8e77716e74b5919d67140e870562e6940f03916f1f76d29cc4f41b3f47a5
                              • Opcode Fuzzy Hash: 519c1c3ec21b4bd09910f671c6c45937fe39b394c5d088373644b86ee5d04288
                              • Instruction Fuzzy Hash: 1CE0EC70D5930CDFCB40EFB8A50559ABFF8BB48204F4045BAE859E7621FA35A9118B81
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8a76fb18e7ccf2c76deac48d8512eacd9ec8952ffd8222b185ffa0d23e784d5f
                              • Instruction ID: 9e35d8214c5bc70a804a42afe7a132d00f20cd33048c1fd508187856356cf126
                              • Opcode Fuzzy Hash: 8a76fb18e7ccf2c76deac48d8512eacd9ec8952ffd8222b185ffa0d23e784d5f
                              • Instruction Fuzzy Hash: 50E0C230805248DFC754DBA4D54076CFBF8AB45205F2082DDDC5863345D631AE41DB41
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8a76fb18e7ccf2c76deac48d8512eacd9ec8952ffd8222b185ffa0d23e784d5f
                              • Instruction ID: eede70258d30a45d16498a91fb3dcf5928520285dcbcb2181f49ecfe80f5f2e3
                              • Opcode Fuzzy Hash: 8a76fb18e7ccf2c76deac48d8512eacd9ec8952ffd8222b185ffa0d23e784d5f
                              • Instruction Fuzzy Hash: 73E0C274804208DFC784DBA4C44066CBBB8DF05209F2082DDC84853341D631DE46CB81
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ede21b292290c5b664b009a76ddc47c902ecaa01176a381f6b68805011eed560
                              • Instruction ID: d380267229721dd813e6a62e8e25fa043354559778e00420520fe7fcd41e6874
                              • Opcode Fuzzy Hash: ede21b292290c5b664b009a76ddc47c902ecaa01176a381f6b68805011eed560
                              • Instruction Fuzzy Hash: 7FE012B5D442298FEB208F10DC09BE8BAB5BB08305F1005DAE20DA2280C3B44FC0CF60
                              Memory Dump Source
                              • Source File: 00000006.00000002.3309037508.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_2dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:

                              Execution Graph

                              Execution Coverage:10.8%
                              Dynamic/Decrypted Code Coverage:99.4%
                              Signature Coverage:0%
                              Total number of Nodes:351
                              Total number of Limit Nodes:29

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 234 5dc808e-5dc8098 235 5dc809e-5dc809f 234->235 236 5dc7b43-5dc7b5e 234->236 239 5dc7b69-5dc7b7c 236->239 241 5dc7b7f call 75f32f8 239->241 242 5dc7b7f call 75f32b2 239->242 243 5dc7b7f call 75f32f0 239->243 240 5dc7b81-5dc7b91 240->234 241->240 242->240 243->240

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 244 5dc7ba2-5dc7ba4 245 5dc7ba6-5dc7bd1 244->245 246 5dc7b72-5dc7b7c 244->246 247 5dc7b81-5dc8098 246->247 258 5dc7b7f call 75f32f8 246->258 259 5dc7b7f call 75f32b2 246->259 260 5dc7b7f call 75f32f0 246->260 250 5dc809e-5dc809f 247->250 251 5dc7b43-5dc7b7c 247->251 255 5dc7b7f call 75f32f8 251->255 256 5dc7b7f call 75f32b2 251->256 257 5dc7b7f call 75f32f0 251->257 255->247 256->247 257->247 258->247 259->247 260->247

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 261 5dc7b26-5dc7b2d 262 5dc7920-5dc7930 261->262 263 5dc7b33-5dc7b34 261->263 266 5dc7936 call 5dc9ae8 262->266 267 5dc7936 call 5dc9adb 262->267 265 5dc793c-5dc7956 266->265 267->265
                              • Opcode Fuzzy Hash: ae2b60b457e956eec4a4e33d108dc53d5bbbb0dbdf1c93c47a12c02b027d3803
                              • Instruction Fuzzy Hash: 3D226EB6A002159FDB04DFA4D495AADB7F2FF88310F188569E905AB3A1CB75EC41CB90
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d2df7e35d3cb5b3cfcebf04b3597f0780dee2c90555ff3ac979efb3ca7e78c0b
                              • Instruction ID: 17ed477e5a9b44d636c50392981c2f53c43e7a92f9bb7785944a0e332350ad0b
                              • Opcode Fuzzy Hash: d2df7e35d3cb5b3cfcebf04b3597f0780dee2c90555ff3ac979efb3ca7e78c0b
                              • Instruction Fuzzy Hash: 431206B4700205CFDB14DF28C984AAABBF6BF89715B1584AAE505DB3B1DB35EC41CB90
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b07cc8f5c0e19eea719d9904681af0c775c048e23d0beac27d0a073de8bc8184
                              • Instruction ID: 819e0418db215bf8736591c6ce1217c7aa510bb67ce169e04dc8e426453789f4
                              • Opcode Fuzzy Hash: b07cc8f5c0e19eea719d9904681af0c775c048e23d0beac27d0a073de8bc8184
                              • Instruction Fuzzy Hash: 95E1AEB6A002159FDB05DFA4C496BADB7E2FF88310F188569E805EB391CB75ED41CB90
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1b34947d7ade8b5e91b18e8721846336d27216098582f0f3bc308db80f4b3b74
                              • Instruction ID: 6cff31b25af2587c78645e9641f7bb6801d41bc3eda475a79053c6fd7725c5e5
                              • Opcode Fuzzy Hash: 1b34947d7ade8b5e91b18e8721846336d27216098582f0f3bc308db80f4b3b74
                              • Instruction Fuzzy Hash: 4AC10474E05219CFDB14CFA8E948BADBBB2FB49305F1081AAD419A7351DB34AE85CF01
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c1b26ea480eabe0ae184f473233141e6b5c9366aab45f87c352372587fa0af08
                              • Instruction ID: c6081dae05047ac76f6cc487e87bc15a057d5a217514b60e27fbcc3fe49f02bd
                              • Opcode Fuzzy Hash: c1b26ea480eabe0ae184f473233141e6b5c9366aab45f87c352372587fa0af08
                              • Instruction Fuzzy Hash: 1DB1F5B0E05209CFDB14CFA9E984B9DBBB2FB89301F5081AAD459A7351DB34AD85CF11
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c88f2c6c4b3788b52895246a78bda387fa5e81f715c0afe910faa5cd2af393da
                              • Instruction ID: 29e9572d6d3a691808ee8cac714f2de14fb60ce1a61656f4df54b895290bf156
                              • Opcode Fuzzy Hash: c88f2c6c4b3788b52895246a78bda387fa5e81f715c0afe910faa5cd2af393da
                              • Instruction Fuzzy Hash: D8B1F6B0E05209CFDB14CFA9E884B9DBBB2FB89301F5081AAD459A7350DB34AD85CF11
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 88e46e37e2e7772673d263f04075819328583074a9777869c473fca83ee8b89e
                              • Instruction ID: 61903ecb15ba221b59759a0f464ab6b4d24abb2495967fd0550487bcaade77c0
                              • Opcode Fuzzy Hash: 88e46e37e2e7772673d263f04075819328583074a9777869c473fca83ee8b89e
                              • Instruction Fuzzy Hash: C0D168B5D05629CFDB61CF68CD44BD9BBB1BB49300F1081EAD94DA7250EB30AA84DF50
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 50915601d8c09bf597df01037ecff58d42385c2880718eb7cb2cc39f893f8643
                              • Instruction ID: 77343e319049f5d35322f72b2fcb0f4b41b06df85c607ae7bbdd6509f088b286
                              • Opcode Fuzzy Hash: 50915601d8c09bf597df01037ecff58d42385c2880718eb7cb2cc39f893f8643
                              • Instruction Fuzzy Hash: C19189B5B012159FDB05CF64D949AEDBBF2FF88310F14806AE805AB290CB39DD02CB60
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 964471d9f4229e105d89f09481a145fe8fa4e56d985df7ef13b82ffee17311c7
                              • Instruction ID: 2889a8e1d2b7eea4cda9f102f2b90593cb8ab7b8b1b4fc30f6cf4f27d50b8a52
                              • Opcode Fuzzy Hash: 964471d9f4229e105d89f09481a145fe8fa4e56d985df7ef13b82ffee17311c7
                              • Instruction Fuzzy Hash: E6B1D4B4E05219CFDB14CFA9E884BADBBB2FB49301F5081AAD459A7351DB34AD81CF11
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ef697a16bfaf60d9682fd99ff0f42ee0e9385140a8e3a8eddee361b651c63228
                              • Instruction ID: 54ae44fa29213eb3258fdaa064b670d062dbdcf32bab868aac5a4e7968a89d80
                              • Opcode Fuzzy Hash: ef697a16bfaf60d9682fd99ff0f42ee0e9385140a8e3a8eddee361b651c63228
                              • Instruction Fuzzy Hash: 3FC18AB5D05229CBDB61CF69CC44BD9BBF2BB49300F1082EAD54DA7250EB70AA84DF50
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b9e63c07cb5ea824e5d46473235a8ab9490119ca48f0008638c7fdf4698433e6
                              • Instruction ID: c1092a40868de02b68d9d871504f7eeef3cd4650e33bab15c6f3c282ee487a2c
                              • Opcode Fuzzy Hash: b9e63c07cb5ea824e5d46473235a8ab9490119ca48f0008638c7fdf4698433e6
                              • Instruction Fuzzy Hash: BE617476600100AFCB469FA8D814DAA7FA7FF8D31471980D9E2498B772DB36DC12DB91
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e907f4925d2d844819f1ac95b8ed0b50abd84e088f11c9d91e575a634ca39477
                              • Instruction ID: e90f82a6a0a605ac7e5f6bec2ef2be070633b6f27b852a7e2088a350e2c0a097
                              • Opcode Fuzzy Hash: e907f4925d2d844819f1ac95b8ed0b50abd84e088f11c9d91e575a634ca39477
                              • Instruction Fuzzy Hash: DC51AF713002069FEB199F68D840AAE7BA6FFC4754F54816AE805DB391CF79DC02CB91
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8c8fc904a5e34284bc6265a29db80f27833be4423c72ed1cbd38182600b77324
                              • Instruction ID: 349a7c412f0c32c9e8785fd764b9ff2df6222c2e6fdba313c2c9d7aa03159959
                              • Opcode Fuzzy Hash: 8c8fc904a5e34284bc6265a29db80f27833be4423c72ed1cbd38182600b77324
                              • Instruction Fuzzy Hash: 2471F3B4E05209DFDB04DFA9E8986AEBFB2FB89300F20816AD415A7354DB746945CF90
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5365b77b8f85931bc8f1bc6d101239e3a3a7838395f8a0c5a0e4f3ddb2a61c42
                              • Instruction ID: b95881a67f3dcfe1f79a74c4637e3d3983f1871b00cac7134771a0c3ca13d054
                              • Opcode Fuzzy Hash: 5365b77b8f85931bc8f1bc6d101239e3a3a7838395f8a0c5a0e4f3ddb2a61c42
                              • Instruction Fuzzy Hash: 6F71F274E0520ADFCB44DFA9E8946AEBFB2FB89300F20816AD415B7354DB746945CF90
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 04e9a4b243cf2c81729e4d7c912ae6c2d193120344bb3f547967352922343fea
                              • Instruction ID: 880820ef60fc3862558aa7c936b90c13a72e586c999ae51eefbc026dd01341f8
                              • Opcode Fuzzy Hash: 04e9a4b243cf2c81729e4d7c912ae6c2d193120344bb3f547967352922343fea
                              • Instruction Fuzzy Hash: 6D810270A00219CFCB50DFA8E894BADBBB2FB8A301F5041AAD419A7355DB74AD80CF51
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e28d61d997d170846d97467b7060f2bea73bf09272e5df682340ce7972cf007c
                              • Instruction ID: 5a42a6d12c70d6333563e00b607dabfcedb7ea1e72afbc9bdac2a05b5f506c48
                              • Opcode Fuzzy Hash: e28d61d997d170846d97467b7060f2bea73bf09272e5df682340ce7972cf007c
                              • Instruction Fuzzy Hash: E8711270A00219DFCB54EFA9E994B9EBBB2FF89301F5080AAD019A7354DB346D84CF11
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cfbe567dd69ad50f865f5ad15c9bb95a627f63956e07a95717e328b154506dc6
                              • Instruction ID: 0841798ea2c263b7f5e5eacdc34abec959febced2de47e57abedde02c39ae6cf
                              • Opcode Fuzzy Hash: cfbe567dd69ad50f865f5ad15c9bb95a627f63956e07a95717e328b154506dc6
                              • Instruction Fuzzy Hash: 39711274A00218DFCB54EFA9E994B9EBBB2FF89301F5080AAD419A7354DB346D84CF51
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f5260bd5d40a7749ca83519f9fe4c880dc7dd73906b48c9388785a60025c6694
                              • Instruction ID: 8eaef7b8673f0843921b88af5119fefc6fbb4916895f29079081bb5aa7a0e9f8
                              • Opcode Fuzzy Hash: f5260bd5d40a7749ca83519f9fe4c880dc7dd73906b48c9388785a60025c6694
                              • Instruction Fuzzy Hash: B8511076600100AFCB469FA8DD14DA97FA7FF8D31471981D5E2099B272D732DC21EB91
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ded5f829a6355af1ae7a578fc505e3ba12fc125023b4f79bc3c3ffdb52eb17c6
                              • Instruction ID: 1f0195e1fd54be812e5c1e8152b1ebc23551b6226d8f95e68b7d889ed748e105
                              • Opcode Fuzzy Hash: ded5f829a6355af1ae7a578fc505e3ba12fc125023b4f79bc3c3ffdb52eb17c6
                              • Instruction Fuzzy Hash: 50513F76600100EFCB459FA8D914D59BFB7FF8D3147198099E2099B272DB32DC22EB51
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2b517306d2a4ecf2c31b5a03c47a267334a52e341caa63103b3f01a756cd5803
                              • Instruction ID: d75479672c6039e5021d4b5c899bee4614e4c7f6c357b676e7ef3a23a0fe7e1f
                              • Opcode Fuzzy Hash: 2b517306d2a4ecf2c31b5a03c47a267334a52e341caa63103b3f01a756cd5803
                              • Instruction Fuzzy Hash: C571F174A00219DFCB54EFA8E994B9EBBB2FF8A301F5040AAD459A7355DB346D80CF11
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e84e68738701909b7b3b75aafbb0daefe364f14ae9a1df77b044889fc2ff0e59
                              • Instruction ID: 25079635790adf4daf227221d3ea5b769dc0e1dad1dd1a7fec78c4e9f5a04c9d
                              • Opcode Fuzzy Hash: e84e68738701909b7b3b75aafbb0daefe364f14ae9a1df77b044889fc2ff0e59
                              • Instruction Fuzzy Hash: 4641E471A006068FCB11CF68D884AAAFBB5FF85320F1582AAD5159B281D731FC46CBD1
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2687cd35fbabd7d53b36a0a242dc46bcf2e0774203d4133dcf80c99b7be43c48
                              • Instruction ID: 8e28ff754a3738fd1349c9867e1334b82a52cd808981a96b68d0e5612147c3e4
                              • Opcode Fuzzy Hash: 2687cd35fbabd7d53b36a0a242dc46bcf2e0774203d4133dcf80c99b7be43c48
                              • Instruction Fuzzy Hash: E961F074A01219DFCB54EFA8E994B9DBBB2FF8A301F5080AAD419A7355DB346D80CF11
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a7ea4faa98ebf9a382029f9965234223d4b6d656bad74ddf3a3481f93591c429
                              • Instruction ID: 87bdb2f438dd79c0b1a7679e64f077e4e470530f8591636c9da4dc1fdcf8bebd
                              • Opcode Fuzzy Hash: a7ea4faa98ebf9a382029f9965234223d4b6d656bad74ddf3a3481f93591c429
                              • Instruction Fuzzy Hash: 31512474A00219DFCB54EFA8E994B9EBBB2FF8A301F5040AAD459A7351DB346D80CF11
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 64850bf2b0007810e4ec37c2d88e33cae6232f21ba3ee2503df50b86a686e889
                              • Instruction ID: 8060e965c602d1fa2c1a26ffa98a3b5e61c6dbd19f28ac6e3e291794cc79c020
                              • Opcode Fuzzy Hash: 64850bf2b0007810e4ec37c2d88e33cae6232f21ba3ee2503df50b86a686e889
                              • Instruction Fuzzy Hash: 3F415C34E002098FDB14DBA9D494BEEBFF2BF99601F14816AE406B7254DB70AC41CB90
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ea8fc559203997f64379c8b2991e289c9803eaa7cf14ffe5be69a91115c0975a
                              • Instruction ID: 94df5001b8ef6a238a4cb82b3b1b15b9ab17fc13d13ab84227e55837e0ac56d8
                              • Opcode Fuzzy Hash: ea8fc559203997f64379c8b2991e289c9803eaa7cf14ffe5be69a91115c0975a
                              • Instruction Fuzzy Hash: 0231BFB4D05209CFDB50CFA5D448BEEBBB2FB4A304F20957AD019AB245D779A889CF00
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b7114988e7f7583816ba8cc39be8df43e5477711b159391a63b4904b68131829
                              • Instruction ID: fc3890b3927870f08afb8e7311b098603b5f62a3fce4df530d6cd6a55947307f
                              • Opcode Fuzzy Hash: b7114988e7f7583816ba8cc39be8df43e5477711b159391a63b4904b68131829
                              • Instruction Fuzzy Hash: 3D31F4B4E14209CBDB44CFAAD4846EEBBF6FB8D200F10C46AD429A7354D7785945CF90
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e020a8cd77115f8483fd363b616462f78aff65523c1d1644b858be56dc365e17
                              • Instruction ID: b63f4f03cee53fc72fd1abdacf775dc64a15ee93b16ca233368e146af88be5f9
                              • Opcode Fuzzy Hash: e020a8cd77115f8483fd363b616462f78aff65523c1d1644b858be56dc365e17
                              • Instruction Fuzzy Hash: F40104F311C3589EFA19D664B9021D9BBD1EB0823073409BFD2045A6A3ED32AB81D6C9
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9a24c2d53ce8543d699d32f640571b4f18e61e146f5b21e8233515cf7ffb0b7e
                              • Instruction ID: 897678b6852b83cd9dd59108c89123df7b4c93432d76df2663eb8a0664a8bbf1
                              • Opcode Fuzzy Hash: 9a24c2d53ce8543d699d32f640571b4f18e61e146f5b21e8233515cf7ffb0b7e
                              • Instruction Fuzzy Hash: E62136B1B0020ADFDF90DEB8C904BEEBBB4AB44240F108476D919DB290E635CA52CB91
                              Memory Dump Source
                              • Source File: 00000007.00000002.3387277585.0000000001ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01ABD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1abd000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7e368a3bbae004c510115d5ad08f778906cd7f89af923cdba391820dcf75ba7a
                              • Instruction ID: cf91ce0a3a423503776a66143408fbc4703fd124b919b266bba581919e44e24b
                              • Opcode Fuzzy Hash: 7e368a3bbae004c510115d5ad08f778906cd7f89af923cdba391820dcf75ba7a
                              • Instruction Fuzzy Hash: 72214576104284DFCB15DF44D9C0B66BF69FB84328F248569E90A0B243C336C406CBA2
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e1421a59b6577b8f589b21bde1d215d255e06cd11d39a66dd559bcf7bc11fd2e
                              • Instruction ID: 227ee8351e0649f8695003a238136492df093785c376d6f48aef0aca2aea5267
                              • Opcode Fuzzy Hash: e1421a59b6577b8f589b21bde1d215d255e06cd11d39a66dd559bcf7bc11fd2e
                              • Instruction Fuzzy Hash: 422134B0D0424ADFCF00CBA9E8406AEFBF1BB8A300F1585AAD016A3251DB786A048F51
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: faaccf8e9829683d288b7d2c2e281e37b09532aaa3722a5ecaeb03c1ab22951a
                              • Instruction ID: e440e0630f4811e12e8c762f30da1bed6b444f0c596f89b453827290fc7fd1c8
                              • Opcode Fuzzy Hash: faaccf8e9829683d288b7d2c2e281e37b09532aaa3722a5ecaeb03c1ab22951a
                              • Instruction Fuzzy Hash: 022103B0D0420ADFCF04CFA9E8446AEFBF6FB89300F5085AAD416B3250DB786A418F51
                              Memory Dump Source
                              • Source File: 00000007.00000002.3387277585.0000000001ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01ABD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_1abd000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b4b5c62d74ef7dbd0f0298782f6981a4020ab818640269a2a7c5de0ff3647828
                              • Instruction ID: c3a3820c4424b3e739ab05bdfc1cc35689ce665029f9775af997dc485018f419
                              • Opcode Fuzzy Hash: b4b5c62d74ef7dbd0f0298782f6981a4020ab818640269a2a7c5de0ff3647828
                              • Instruction Fuzzy Hash: 9B11B176504280CFCB12CF54D5C4B56BF71FB84328F24C5A9D8090B657C33AD45ACBA2
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 041449575703cb832db693347077b53d47a6dcc68e89517f0fa6298cef5d9c57
                              • Instruction ID: 662df87e8d3d46dd55ee7dc559a91c181683c1261d312fe145b17cb0675f5b44
                              • Opcode Fuzzy Hash: 041449575703cb832db693347077b53d47a6dcc68e89517f0fa6298cef5d9c57
                              • Instruction Fuzzy Hash: C52150B8A42219EFDF04CF68D594EADB7B2BF89310F104159E905AB361DB34AD41CB50
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b6ddf0ca350f3224a7b1be8f3d184f329476a6ad9547cd1dec500d2557859ab3
                              • Instruction ID: f7c2c0aea3fab847bb4fa26b33e9c0a02957ef9c7d2109513e965a4885b3d1dd
                              • Opcode Fuzzy Hash: b6ddf0ca350f3224a7b1be8f3d184f329476a6ad9547cd1dec500d2557859ab3
                              • Instruction Fuzzy Hash: B4F0FEBB5181049FDB58DA68F8421E8FBA0F708220F2046FBCC0857551D9315991C6C5
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b42938140bbcb49932c8c7cdc5e41b0b3d2389e1431d1a67ade2b9fabe6ebc03
                              • Instruction ID: d5c58ad56b150c3e05d17ad2517089da7543bb757b7a352bb78237c0d0cc6b19
                              • Opcode Fuzzy Hash: b42938140bbcb49932c8c7cdc5e41b0b3d2389e1431d1a67ade2b9fabe6ebc03
                              • Instruction Fuzzy Hash: 9A019E31E1121B8FDB44EBB8D8151EE7BB2EFC6221B504566D119F7240EB306A468B90
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1876ca2b9c22e722d577e44c223c0cdb4e587dfe816f85a88154d79d64533963
                              • Instruction ID: bf008a6d95fc747cb2215c63524bcf589c1e7635b94cc0da785ada3a286351be
                              • Opcode Fuzzy Hash: 1876ca2b9c22e722d577e44c223c0cdb4e587dfe816f85a88154d79d64533963
                              • Instruction Fuzzy Hash: E401F2B490814CEBDB15DFA4D950BAD7FF9EB05300F1051EAD81893210DB30AA42DB92
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0445bdadfa5b8343421628749931df9a2cab3bd7ca42e94a2758f37b1ddc56a4
                              • Instruction ID: 04071e9989b52ae1be01a5ed172e83d126183dc5dcd38d6329f609c70f414ded
                              • Opcode Fuzzy Hash: 0445bdadfa5b8343421628749931df9a2cab3bd7ca42e94a2758f37b1ddc56a4
                              • Instruction Fuzzy Hash: 64F0C2B1109249EFCF01CF64EC44A997BB9EF47201F0142E6E80897262DA76EE54CB61
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dc47a7ef6e0cafba65170061b54e3e5ba610d3bccf9ca032194dabe0ac16c40a
                              • Instruction ID: 4d6f9e5ab9946258125c663fd9bccae812acb5311c28a144685503468d80d179
                              • Opcode Fuzzy Hash: dc47a7ef6e0cafba65170061b54e3e5ba610d3bccf9ca032194dabe0ac16c40a
                              • Instruction Fuzzy Hash: 5DF06D7A3143459FCB118F2AD88488A7BB9FF8A62431180BAF905CB721DA30D900C7A1
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 87064807773bd10816770a12777dc008c4f1128a75aeda713cbf923be67f0221
                              • Instruction ID: 9b8043dac3783a67c07391fae6bf81fa3ebcc000ec1adb51a883e9e5fe8c3acd
                              • Opcode Fuzzy Hash: 87064807773bd10816770a12777dc008c4f1128a75aeda713cbf923be67f0221
                              • Instruction Fuzzy Hash: 2101F63580424AEBCF009F99DC01AE9BB75FF89320F01C51AEA5837250D731A6A6DBA1
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1863a4f485abc1c498196352eb972bb49408f122ec00a2c554729abef3db1132
                              • Instruction ID: b718559ab35ee7cbeadfc456d8aa26871d83334c660f495aa1cf93b9b80b63ae
                              • Opcode Fuzzy Hash: 1863a4f485abc1c498196352eb972bb49408f122ec00a2c554729abef3db1132
                              • Instruction Fuzzy Hash: B6F0A7767002164BC711DB5DE440A9BB769EFD13107158636F60597200DB71F89282D4
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2f7b26afc5c6c852ca20aa12127461b58ee8e09236833297569a235f892f9906
                              • Instruction ID: 9b79d2af08c92c398718b7b2083ed0479b6a499c7be52116be78b909477a8f79
                              • Opcode Fuzzy Hash: 2f7b26afc5c6c852ca20aa12127461b58ee8e09236833297569a235f892f9906
                              • Instruction Fuzzy Hash: 9CF0373580024EEBCF00DF98C8009EEBB75FF89320F00C61AE95837210D731A6A2DB91
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 060f9290d7782a22eb1da9a8da981399a09af27009f42c363639dda66de4ea63
                              • Instruction ID: 3b2305eabae47b155688e43e475a0db9d56adb23bae1ade37af5d324431ee7c6
                              • Opcode Fuzzy Hash: 060f9290d7782a22eb1da9a8da981399a09af27009f42c363639dda66de4ea63
                              • Instruction Fuzzy Hash: 1CF05C313052554FC7029B0CD840DD67B6ADFC331070681EBF4059B142CB61BC46C3D4
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 29f7994e0fa7f87a22ea7ab6d6169a1c174e673d63a677d688834a8965283779
                              • Instruction ID: 572426429ad8ad74c055e1def20ad57959ee7d5cd30b11d98eee53e83d2cb17d
                              • Opcode Fuzzy Hash: 29f7994e0fa7f87a22ea7ab6d6169a1c174e673d63a677d688834a8965283779
                              • Instruction Fuzzy Hash: 3FF03435908249EFCF04DF94D850BACBFB5FB48300F1081AAE864A3251C6369A62EF81
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e451b9a34c7c61dac8a1bff05629854d074ac366c558e9c7c55400eef75a11a5
                              • Instruction ID: f6cbfabda07ca6d0e87843c1e1e719bc2266b3a6346fe09359fa027bd4b803d4
                              • Opcode Fuzzy Hash: e451b9a34c7c61dac8a1bff05629854d074ac366c558e9c7c55400eef75a11a5
                              • Instruction Fuzzy Hash: 75F01C76908109EBCF05DE94DC42E9DBB75FB44300F148599AC0567352D6329A61EB91
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ff5da8d2e1e4220d5e6862e5eccc2566148be14d4a18ff165cd2a415ee092628
                              • Instruction ID: 76e14a01ed76d29723bdec596f86739b0c4677a02db1bb5335e4bb3f9fb5e6e2
                              • Opcode Fuzzy Hash: ff5da8d2e1e4220d5e6862e5eccc2566148be14d4a18ff165cd2a415ee092628
                              • Instruction Fuzzy Hash: 4AF0CF70A02219DFEB64CF54CD51BADBBB2EF86300F2040DA9549BB280CB726E81CF44
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a5e9bab8d86c8ed0e73026ee93594cc3d95ac45da17bd73676e9ddfeb8726e16
                              • Instruction ID: e32b01d784322d6a64889bde4cd4b88c271a9a4b0f0dde34108319d00dbc6ddf
                              • Opcode Fuzzy Hash: a5e9bab8d86c8ed0e73026ee93594cc3d95ac45da17bd73676e9ddfeb8726e16
                              • Instruction Fuzzy Hash: 29F03075D05208EFCB54DFA8D84179CBFF4EB48310F2081AA9818E7350D735AA41CF41
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 78d23b50e834e38f3d8f06aa22e9755c5afe49f6e199fb1fb93f021d8eb9ab07
                              • Instruction ID: 774ce73f48d02852820a7b0255fa78a06e5036cb33797eea6af7866b912a9a5d
                              • Opcode Fuzzy Hash: 78d23b50e834e38f3d8f06aa22e9755c5afe49f6e199fb1fb93f021d8eb9ab07
                              • Instruction Fuzzy Hash: 14F01C35508108EFDB05DF98E845BADBF75FB49300F20C599EC5523265C736DA62EB41
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 12802bf5934e60ccebb8b0f87d639bdfea58332fda2f51f45d53093cebd58ed2
                              • Instruction ID: 9f8740e5f1b05f2ce57373089c341bd76beb7ccacf6ec5a020b73b96b4ca7364
                              • Opcode Fuzzy Hash: 12802bf5934e60ccebb8b0f87d639bdfea58332fda2f51f45d53093cebd58ed2
                              • Instruction Fuzzy Hash: 70F0E2B4E05018DFDB18DFA8E595A9CBBF2FB49300F60416AE409A7350CB389D55CF01
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cb55c607950f45b07ffe70206b3d4fa59866066941afcd5d871a626a3917b9a0
                              • Instruction ID: beba0e6766ce560c931eeff78497c6d7601c92124902ce5911e968165d51234e
                              • Opcode Fuzzy Hash: cb55c607950f45b07ffe70206b3d4fa59866066941afcd5d871a626a3917b9a0
                              • Instruction Fuzzy Hash: 1AF0F9B4A00229DFCB11DF58E955BDDB7B1FF4A301F4001AAE549A7340C7799D848F02
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f48fb1bccdc97c7ad4397b545fab6e1422a3e2a1af5a76e62583b9ff2ce675ee
                              • Instruction ID: b42f9b0ffbd19347c59621d4c6e09a7d5cf98252b7735ecd400715d5ad8947cf
                              • Opcode Fuzzy Hash: f48fb1bccdc97c7ad4397b545fab6e1422a3e2a1af5a76e62583b9ff2ce675ee
                              • Instruction Fuzzy Hash: 33F0F4B4E00218DFDB21DFA9E494B9DB7B1FB49300FA0056AE52AA3380C7389D849F01
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e264e3687604c7c8014037264a43e2668e81cae473bdcf9e857b8f81408ba53e
                              • Instruction ID: 7661481ebb95e37f14ddcfc8a3c1d41a332e3bf5e0695c3746318a9a556dd3ef
                              • Opcode Fuzzy Hash: e264e3687604c7c8014037264a43e2668e81cae473bdcf9e857b8f81408ba53e
                              • Instruction Fuzzy Hash: 9AE09238508104DBC714DBA4E8857A8BB74FB40304F1082AA881463301CA319E93DB41
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cd9b471e6345025b46a484c88c7dc457b96738b273ae9c2020ca7b40fe3be6f7
                              • Instruction ID: 5a7b298275d0e094fabc2ef6fd72c1c47c93f40a295f6e106c0485f41bcc6441
                              • Opcode Fuzzy Hash: cd9b471e6345025b46a484c88c7dc457b96738b273ae9c2020ca7b40fe3be6f7
                              • Instruction Fuzzy Hash: A8E0DF34908308DBDB04DB98D9816A8BBB9EB45315F2081EFD809B7351CA31AE92CB81
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 171c661e6fccee1784e39a8655cdbfc6ef9c78f3dab895e3ab814134ac5e0238
                              • Instruction ID: 88c87de7cdb7a48572719c42f24807647e8be94c5971462d276cabe3007728d5
                              • Opcode Fuzzy Hash: 171c661e6fccee1784e39a8655cdbfc6ef9c78f3dab895e3ab814134ac5e0238
                              • Instruction Fuzzy Hash: 77F0B270945219DBDB60CF48DE45BADBBB6FB05300F2084CAD609B7290C7369E81DF44
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f0d59f9117298c5f0d64a500877fc70f696a0d5cd80515b922442607fb11c57e
                              • Instruction ID: f8fe0e8e1ec896d038a13dc1f2fb8629305252d20916aaa171352c0c1150a6bb
                              • Opcode Fuzzy Hash: f0d59f9117298c5f0d64a500877fc70f696a0d5cd80515b922442607fb11c57e
                              • Instruction Fuzzy Hash: 1FE0DFF2A0124CEBE701EFB8D8017DABBE9EB05240F0005EAC508A3901EE715A408B93
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2cb8d692db3b1f299bcb8ecfae449b3bba32edfd2596424a578a0a7049bc32f1
                              • Instruction ID: 4af867268133ce6137796accb17b886478ae60b8ccd923be5a52eb83af20407b
                              • Opcode Fuzzy Hash: 2cb8d692db3b1f299bcb8ecfae449b3bba32edfd2596424a578a0a7049bc32f1
                              • Instruction Fuzzy Hash: B5E0D8389082089BCB14CFA4D995BECBFB4EB45315F2081EDC85417346CA319E82CB92
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ee11d14687b63e4770d8aab0942a0e6d2e2ad0984814e7f5e99ac6bda00d7826
                              • Instruction ID: af1e63cefc651746bb76c3fbb0b39fbd291c20841d1c61a1b7f3eba6d585998a
                              • Opcode Fuzzy Hash: ee11d14687b63e4770d8aab0942a0e6d2e2ad0984814e7f5e99ac6bda00d7826
                              • Instruction Fuzzy Hash: 08E0D834909148DFCB50CB94E8413A8FFB4FB45200F1042DEC85963351DA359E42D751
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 15fd15da5eecc8b5d83cd418d97eb9f6bf234138d472cb21c479c495f624f2e1
                              • Instruction ID: fb447d690ba01ee3e6795519d40b03aa885629cb6116aec02bbb60e9df2cd89c
                              • Opcode Fuzzy Hash: 15fd15da5eecc8b5d83cd418d97eb9f6bf234138d472cb21c479c495f624f2e1
                              • Instruction Fuzzy Hash: 89E0DFB480910CABCB04CA94DC81B69BBB8EB44300F2091E98C08A3350C636AE82DB44
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fee69f457824de0fcd4d8aea146667a3a981deff407a5b36eac21ecac360dcb6
                              • Instruction ID: 2ecb7ef5263c710f60a4cbada7d8d191d12efcc25772b4b8e480b12f94b44137
                              • Opcode Fuzzy Hash: fee69f457824de0fcd4d8aea146667a3a981deff407a5b36eac21ecac360dcb6
                              • Instruction Fuzzy Hash: 40E06D30909108DFCB50DFA8E85679CBBF4EB08300F2080A9D80893301D671AA81CB80
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 959c5b54ed52ab014593fd69ed8ac81d59b4f1c30672cbcce1213410a14e04d9
                              • Instruction ID: aec1a955100294d7d4abe5396634fa332b1a5a3d244b6fd630e95457fe9ed675
                              • Opcode Fuzzy Hash: 959c5b54ed52ab014593fd69ed8ac81d59b4f1c30672cbcce1213410a14e04d9
                              • Instruction Fuzzy Hash: 6DF0ED78808288DFDB11CBA4E8445AC7FB0EB0A301F1201EBC89593232CA345E40DB01
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0f80674b4794118b4235214cf77e9f3a4bbac1370e8d9c0ef3f8bbfdd919f9d5
                              • Instruction ID: 4398fb2df2e51da85d16ad06c12b957d41cc8b29cbb970365d613f722a725272
                              • Opcode Fuzzy Hash: 0f80674b4794118b4235214cf77e9f3a4bbac1370e8d9c0ef3f8bbfdd919f9d5
                              • Instruction Fuzzy Hash: 80F039B8908248ABCB04CF94D8A1BACBBB5EB48300F10C1AAD85897351D635AA52DF84
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 55ef30c80cf0fc5c2ff968d213fd3abcfc04dc2271bc20a82fbaa998499ff619
                              • Instruction ID: be9c0749e77c87c15c3fc858364455294efeb2e7e5ae97bedebf853ae42becdf
                              • Opcode Fuzzy Hash: 55ef30c80cf0fc5c2ff968d213fd3abcfc04dc2271bc20a82fbaa998499ff619
                              • Instruction Fuzzy Hash: 8CF0B274904219DFDB21CF98E884BADBFB2FB08310F5085DAE549AB251C774D9A0DF50
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: df7557302041f6bcf5048f3a174b339fd0733017e00e66963bdd5e57e2e76716
                              • Instruction ID: 4ac4d6400224c7c56f7483404eadebac449af0c3076c8286baff2ef141dade09
                              • Opcode Fuzzy Hash: df7557302041f6bcf5048f3a174b339fd0733017e00e66963bdd5e57e2e76716
                              • Instruction Fuzzy Hash: 6FF01535804248EFCF05CF94D840AACBFB5EB48300F1081AAEC54A3351C632AA61EF81
                              Memory Dump Source
                              • Source File: 00000007.00000002.3426319142.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5dc0000_cvchost.jbxd
                              Memory Dump Source
                              • Source File: 00000007.00000002.3438273331.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7590000_cvchost.jbxd