Windows Analysis Report
GjNVpV53SR.exe

Overview

General Information

Sample name: GjNVpV53SR.exe (renamed because original name is a hash value)
Original sample name: cf118a2c4586551e6eae18e41b52842a.exe
Analysis ID: 1550364
MD5: cf118a2c4586551e6eae18e41b52842a
SHA1: 4e3518b74b2ae236777986f27d45d8d70358256e
SHA256: dddf4ec4d813131cd65ab7386154db7ed9d63ce84e4704a5532e7aa22e624c58
Tags: exe, user-abuse_ch

Detection

Quasar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Quasar RAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • GjNVpV53SR.exe (PID: 6320 cmdline: "C:\Users\user\Desktop\GjNVpV53SR.exe" MD5: CF118A2C4586551E6EAE18E41B52842A)
    • GjNVpV53SR.exe (PID: 2000 cmdline: "C:\Users\user\Desktop\GjNVpV53SR.exe" MD5: CF118A2C4586551E6EAE18E41B52842A)
      • shellhost.exe (PID: 5776 cmdline: "C:\Users\user\AppData\Roaming\Code\shellhost.exe" MD5: CF118A2C4586551E6EAE18E41B52842A)
        • shellhost.exe (PID: 5960 cmdline: "C:\Users\user\AppData\Roaming\Code\shellhost.exe" MD5: CF118A2C4586551E6EAE18E41B52842A)
  • shellhost.exe (PID: 3412 cmdline: "C:\Users\user\AppData\Roaming\Code\shellhost.exe" MD5: CF118A2C4586551E6EAE18E41B52842A)
    • shellhost.exe (PID: 5376 cmdline: "C:\Users\user\AppData\Roaming\Code\shellhost.exe" MD5: CF118A2C4586551E6EAE18E41B52842A)
  • shellhost.exe (PID: 2756 cmdline: "C:\Users\user\AppData\Roaming\Code\shellhost.exe" MD5: CF118A2C4586551E6EAE18E41B52842A)
    • shellhost.exe (PID: 6564 cmdline: "C:\Users\user\AppData\Roaming\Code\shellhost.exe" MD5: CF118A2C4586551E6EAE18E41B52842A)
  • cleanup
Name: Quasar RAT, QuasarRAT
Description: Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
Attribution:
  • APT33
  • Dropping Elephant
  • Stone Panda
  • The Gorgon Group
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat
{"Version": "1.4.1", "Host:Port": "goooooooool.com:1337;", "SubDirectory": "Code", "InstallName": "shellhost.exe", "MutexName": "771ac64-b9299-43dc-b9229-3a828da05", "Tag": "CHING-CHONG", "LogDirectoryName": "syslogs"}
Source | Rule | Description | Author | Strings
00000000.00000002.2038954790.00000000037DA000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Quasar | Yara detected Quasar RAT | Joe Security
00000000.00000002.2089459742.00000000081B0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000000.00000002.2038954790.000000000356C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000007.00000002.2671682402.0000000006006000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security

Source | Rule | Description | Author | Strings
7.2.shellhost.exe.6006678.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.GjNVpV53SR.exe.81b0000.11.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
6.2.shellhost.exe.412a3f0.1.raw.unpack | JoeSecurity_Quasar | Yara detected Quasar RAT | Joe Security
6.2.shellhost.exe.412a3f0.1.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
6.2.shellhost.exe.412a3f0.1.raw.unpack | MAL_QuasarRAT_May19_1 | Detects QuasarRAT malware | Florian Roth | (strings listed below)
  • 0x28eed8:$x1: Quasar.Common.Messages
  • 0x29f201:$x1: Quasar.Common.Messages
  • 0x2ab832:$x4: Uninstalling... good bye :-(
  • 0x2ad027:$xc2: 00 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00 0D 00 0A 00 64 00 65 00 6C 00 20 ...

                    System Summary

                    Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Users\user\AppData\Roaming\Code\shellhost.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\GjNVpV53SR.exe, ProcessId: 2000, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ShellHost
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-11-06T17:30:19.843074+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.4 | 49730 | TCP
                    2024-11-06T17:30:58.149282+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.4 | 49736 | TCP

                    AV Detection

                    Source: goooooooool.com | Avira URL Cloud: Label: malware
                    Source: 00000004.00000002.2081472410.0000000002F61000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Quasar {"Version": "1.4.1", "Host:Port": "goooooooool.com:1337;", "SubDirectory": "Code", "InstallName": "shellhost.exe", "MutexName": "771ac64-b9299-43dc-b9229-3a828da05", "Tag": "CHING-CHONG", "LogDirectoryName": "syslogs"}
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe | ReversingLabs: Detection: 47%
                    Source: GjNVpV53SR.exe | ReversingLabs: Detection: 47%
                    Source: Yara matchFile source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2038954790.00000000037DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2427586687.000000000327B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: GjNVpV53SR.exe PID: 6320, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: GjNVpV53SR.exe PID: 2000, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: shellhost.exe PID: 5776, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: shellhost.exe PID: 3412, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: shellhost.exe PID: 2756, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: shellhost.exe PID: 5960, type: MEMORYSTR
                    Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe | Joe Sandbox ML: detected
                    Source: GjNVpV53SR.exe | Joe Sandbox ML: detected
                    Source: GjNVpV53SR.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: GjNVpV53SR.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: GjNVpV53SR.exe, 00000000.00000002.2056401813.0000000005BD0000.00000004.08000000.00040000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2038954790.00000000039EE000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.0000000003486000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004151000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.000000000299C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000349F000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004063000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: GjNVpV53SR.exe, 00000000.00000002.2056401813.0000000005BD0000.00000004.08000000.00040000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2038954790.00000000039EE000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.0000000003486000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004151000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.000000000299C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000349F000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004063000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp

                    Networking

                    Source: Malware configuration extractor | URLs: goooooooool.com
                    Source: global traffic | TCP traffic: 192.168.2.4:49832 -> 80.78.28.83:1337
                    Source: Joe Sandbox View | ASN Name: CYBERDYNELR CYBERDYNELR
                    Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:49730
                    Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:49736
                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic | DNS traffic detected: DNS query: goooooooool.com
                    Source: GjNVpV53SR.exe, 00000000.00000002.2038954790.000000000356C000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2038954790.00000000039EE000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2081472410.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.0000000003486000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.00000000031BC000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.000000000299C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000349F000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000008.00000002.2936274008.0000000002C9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipwho.is/
                    Source: GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2038954790.000000000356C000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.00000000031BC000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000008.00000002.2936274008.0000000002CA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354sCannot

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe | Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Code\shellhost.exe

                    System Summary

                    Source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Code function: 0_2_05558508 NtProtectVirtualMemory,0_2_05558508
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Code function: 0_2_05559D90 NtResumeThread,0_2_05559D90
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Code function: 0_2_05558500 NtProtectVirtualMemory,0_2_05558500
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Code function: 0_2_05559D88 NtResumeThread,0_2_05559D88
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 5_2_05C69D90 NtResumeThread,5_2_05C69D90
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 5_2_05C68508 NtProtectVirtualMemory,5_2_05C68508
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 5_2_05C69D88 NtResumeThread,5_2_05C69D88
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 5_2_05C68500 NtProtectVirtualMemory,5_2_05C68500
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 6_2_051A8508 NtProtectVirtualMemory,6_2_051A8508
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 6_2_051A9D90 NtResumeThread,6_2_051A9D90
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 6_2_051A8500 NtProtectVirtualMemory,6_2_051A8500
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 6_2_051A9D88 NtResumeThread,6_2_051A9D88
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 7_2_02E79D90 NtResumeThread,7_2_02E79D90
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 7_2_02E78508 NtProtectVirtualMemory,7_2_02E78508
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 7_2_02E79D88 NtResumeThread,7_2_02E79D88
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Code function: 7_2_02E78500 NtProtectVirtualMemory,7_2_02E78500
                    Source: GjNVpV53SR.exe, 00000000.00000002.2056401813.0000000005BD0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000000.00000002.2038954790.00000000037DA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename, vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000000.00000002.2037965466.00000000017FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename, vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000000.00000000.1678596610.00000000011F8000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamehourprojections.exe@ vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000000.00000002.2038954790.0000000003501000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGlienrawtjc.dll" vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000000.00000002.2038954790.00000000039EE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000F20000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilename, vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe Binary or memory string: OriginalFilenamehourprojections.exe@ vs GjNVpV53SR.exe
                    Source: GjNVpV53SR.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: GjNVpV53SR.exe, -.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: GjNVpV53SR.exe, -.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.GjNVpV53SR.exe.5126dd0.1.raw.unpack, hkKDPANDR3UvIGk7WQt.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@13/3@1/1
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe File created: C:\Users\user\AppData\Roaming\Code
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Mutant created: NULL
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\771ac64-b9299-43dc-b9229-3a828da05
                    Source: GjNVpV53SR.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: GjNVpV53SR.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: GjNVpV53SR.exe ReversingLabs: Detection: 47%
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe File read: C:\Users\user\Desktop\GjNVpV53SR.exe
                    Source: unknown Process created: C:\Users\user\Desktop\GjNVpV53SR.exe "C:\Users\user\Desktop\GjNVpV53SR.exe"
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Process created: C:\Users\user\Desktop\GjNVpV53SR.exe "C:\Users\user\Desktop\GjNVpV53SR.exe"
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Process created: C:\Users\user\AppData\Roaming\Code\shellhost.exe "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\Code\shellhost.exe "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\Code\shellhost.exe "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Process created: C:\Users\user\AppData\Roaming\Code\shellhost.exe "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Process created: C:\Users\user\AppData\Roaming\Code\shellhost.exe "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Process created: C:\Users\user\AppData\Roaming\Code\shellhost.exe "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: GjNVpV53SR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: GjNVpV53SR.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                    Source: GjNVpV53SR.exe Static file information: File size 2315776 > 1048576
                    Source: GjNVpV53SR.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x234c00
                    Source: GjNVpV53SR.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: GjNVpV53SR.exe, 00000000.00000002.2056401813.0000000005BD0000.00000004.08000000.00040000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2038954790.00000000039EE000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.0000000003486000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004151000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.000000000299C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000349F000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004063000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: GjNVpV53SR.exe, 00000000.00000002.2056401813.0000000005BD0000.00000004.08000000.00040000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2038954790.00000000039EE000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.0000000003486000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004151000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.000000000299C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000349F000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004063000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.GjNVpV53SR.exe.5126dd0.1.raw.unpack, hkKDPANDR3UvIGk7WQt.cs .Net Code: Type.GetTypeFromHandle(PuBOCP9a9UVFNB8O6IK.EbZJoTeWgl(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(PuBOCP9a9UVFNB8O6IK.EbZJoTeWgl(16777252)),Type.GetTypeFromHandle(PuBOCP9a9UVFNB8O6IK.EbZJoTeWgl(16777284))})
                    Source: GjNVpV53SR.exe, -.cs .Net Code: _0001 System.Reflection.Assembly.Load(byte[])
                    Source: Yara match File source: 7.2.shellhost.exe.6006678.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.GjNVpV53SR.exe.81b0000.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.GjNVpV53SR.exe.65a6678.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.GjNVpV53SR.exe.6226c38.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.2089459742.00000000081B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2038954790.000000000356C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000007.00000002.2671682402.0000000006006000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2427586687.00000000031BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2057873112.0000000006021000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: GjNVpV53SR.exe PID: 6320, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: shellhost.exe PID: 5776, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: shellhost.exe PID: 3412, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: shellhost.exe PID: 2756, type: MEMORYSTR
                    Source: 0.2.GjNVpV53SR.exe.5126dd0.1.raw.unpack, AssemblyLoader.cs High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'lSeK6sQIqvEIGppTmWN'
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe File created: C:\Users\user\AppData\Roaming\Code\shellhost.exe (dropped file)
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ShellHost

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe; File opened: C:\Users\user\Desktop\GjNVpV53SR.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe; File opened: C:\Users\user\AppData\Roaming\Code\shellhost.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe; File opened: C:\Users\user\AppData\Roaming\Code\shellhost.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara match, File source: Process Memory Space: GjNVpV53SR.exe PID: 6320, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 5776, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 3412, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 2756, type: MEMORYSTR
                    Source: GjNVpV53SR.exe, 00000000.00000002.2038954790.000000000356C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.00000000031BC000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: 1B40000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: 3500000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: 5500000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: 6020000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: 7020000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: 12C0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: 2F60000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: 1510000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 14F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 3150000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 2F90000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 5C10000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 5780000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 2460000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 26D0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 5150000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 6150000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 14A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 3010000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 2E20000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 5A80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 6A80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 1210000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 2C70000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 2AB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 1390000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 2E00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 4E00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 1200000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 2C50000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory allocated: 2A10000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Window / User API: threadDelayed 4004
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Window / User API: threadDelayed 5830
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe TID: 6532 Thread sleep count: 33 > 30
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe TID: 6532 Thread sleep time: -32967s >= -30000s
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe TID: 5852 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 4208 Thread sleep count: 33 > 30
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 4208 Thread sleep time: -32967s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 2208 Thread sleep count: 33 > 30
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 2208 Thread sleep time: -32967s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 6552 Thread sleep count: 33 > 30
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 6552 Thread sleep time: -32967s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 5780 Thread sleep time: -25825441703193356s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 1640 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe TID: 1784 Thread sleep time: -922337203685477s >= -30000s
                    Source: shellhost.exe, 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: shellhost.exe, 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                    Source: shellhost.exe, 00000008.00000002.2932620557.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Memory written: C:\Users\user\Desktop\GjNVpV53SR.exe base: C00000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory written: C:\Users\user\AppData\Roaming\Code\shellhost.exe base: 960000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory written: C:\Users\user\AppData\Roaming\Code\shellhost.exe base: C00000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Memory written: C:\Users\user\AppData\Roaming\Code\shellhost.exe base: 970000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Process created: C:\Users\user\Desktop\GjNVpV53SR.exe "C:\Users\user\Desktop\GjNVpV53SR.exe"
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Process created: C:\Users\user\AppData\Roaming\Code\shellhost.exe "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Process created: C:\Users\user\AppData\Roaming\Code\shellhost.exe "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Queries volume information: C:\Users\user\Desktop\GjNVpV53SR.exe VolumeInformation
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Queries volume information: C:\Users\user\AppData\Roaming\Code\shellhost.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Code\shellhost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
                    Source: C:\Users\user\Desktop\GjNVpV53SR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.2038954790.00000000037DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.2427586687.000000000327B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: GjNVpV53SR.exe PID: 6320, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: GjNVpV53SR.exe PID: 2000, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 5776, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 3412, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 2756, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 5960, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match, File source: 6.2.shellhost.exe.412a3f0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 5.2.shellhost.exe.4baa428.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.GjNVpV53SR.exe.48acb28.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 4.2.GjNVpV53SR.exe.c00000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 6.2.shellhost.exe.412a3f0.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 5.2.shellhost.exe.4baa428.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.GjNVpV53SR.exe.48acb28.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.2038954790.00000000037DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.2427586687.000000000327B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: GjNVpV53SR.exe PID: 6320, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: GjNVpV53SR.exe PID: 2000, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 5776, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 3412, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 2756, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: shellhost.exe PID: 5960, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 1 Masquerading | 11 Input Capture | 21 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Hidden Files and Directories | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
2 Behavior Graph ID: 1550364 Sample: GjNVpV53SR.exe Startdate: 06/11/2024 Architecture: WINDOWS Score: 100
35 goooooooool.com 2->35
41 Found malware configuration 2->41
43 Malicious sample detected (through community Yara rule) 2->43
45 Antivirus detection for URL or domain 2->45
47 10 other signatures 2->47
9 GjNVpV53SR.exe 2 2->9 started
12 shellhost.exe 2 2->12 started
14 shellhost.exe 2 2->14 started
55 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 9->55
57 Injects a PE file into a foreign processes 9->57
16 GjNVpV53SR.exe 1 5 9->16 started
20 shellhost.exe 12->20 started
22 shellhost.exe 3 14->22 started
31 C:\Users\user\AppData\...\shellhost.exe, PE32 16->31 dropped
33 C:\Users\user\AppData\...\GjNVpV53SR.exe.log, ASCII 16->33 dropped
39 Hides that the sample has been downloaded from the Internet (zone.identifier) 16->39
24 shellhost.exe 2 16->24 started
49 Multi AV Scanner detection for dropped file 24->49
51 Machine Learning detection for dropped file 24->51
53 Injects a PE file into a foreign processes 24->53
27 shellhost.exe 2 24->27 started
37 goooooooool.com 80.78.28.83, 1337, 49832, 49889 CYBERDYNELR Cyprus 27->37
59 Hides that the sample has been downloaded from the Internet (zone.identifier) 27->59
61 Installs a global keyboard hook 27->61

Source | Detection | Scanner | Label | Link
GjNVpV53SR.exe | 47% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
GjNVpV53SR.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Code\shellhost.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Code\shellhost.exe | 47% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
goooooooool.com | 100% | Avira URL Cloud | malware |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
goooooooool.com | 80.78.28.83 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
goooooooool.com | true | Avira URL Cloud: malware | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-net | GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-neti | GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://stackoverflow.com/q/14436606/23354 | GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2038954790.000000000356C000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.00000000031BC000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000008.00000002.2936274008.0000000002CA2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-netJ | GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354sCannot | GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ipwho.is/ | GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | GjNVpV53SR.exe, 00000000.00000002.2038954790.000000000356C000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2038954790.00000000039EE000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2081472410.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.0000000003486000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2427586687.00000000031BC000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2532547396.000000000299C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000349F000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000008.00000002.2936274008.0000000002C9B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/11564914/23354; | GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp, GjNVpV53SR.exe, 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, GjNVpV53SR.exe, 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, shellhost.exe, 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354 | GjNVpV53SR.exe, 00000000.00000002.2086319595.00000000078E0000.00000004.08000000.00040000.00000000.sdmp | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
80.78.28.83 | goooooooool.com | Cyprus | | 37560 | CYBERDYNELR | true

                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1550364
                                          Start date and time:2024-11-06 17:29:09 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 9m 6s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:12
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:GjNVpV53SR.exe
                                          renamed because original name is a hash value
                                          Original Sample Name:cf118a2c4586551e6eae18e41b52842a.exe
                                          Detection:MAL
                                          Classification:mal100.troj.spyw.evad.winEXE@13/3@1/1
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HCA Information:
                                          • Successful, ratio: 95%
                                          • Number of executed functions: 615
                                          • Number of non-executed functions: 40
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                          • VT rate limit hit for: GjNVpV53SR.exe

Time | Type | Description
11:30:33 | API Interceptor | 3x Sleep call for process: GjNVpV53SR.exe modified
11:31:11 | API Interceptor | 15873x Sleep call for process: shellhost.exe modified
16:30:41 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ShellHost "C:\Users\user\AppData\Roaming\Code\shellhost.exe"
16:30:49 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ShellHost "C:\Users\user\AppData\Roaming\Code\shellhost.exe"

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
80.78.28.83 | ponos.exe | | malicious | AsyncRAT, DcRat | |
 | SecuriteInfo.com.Heuristic.HEUR.AGEN.1313656.13208.30309.exe | | malicious | AsyncRAT, DcRat | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
goooooooool.com | ponos.exe | | malicious | AsyncRAT, DcRat | | 80.78.28.83
 | SecuriteInfo.com.Heuristic.HEUR.AGEN.1313656.13208.30309.exe | | malicious | AsyncRAT, DcRat | | 80.78.28.83

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CYBERDYNELR | p-p.c-440.DUSK.elf | | malicious | Gafgyt, Mirai | | 185.193.127.129
 | PhysXCooking64.dll.dll | | malicious | Bazar Loader | | 80.78.24.30
 | FW3x3p4eZ5.msi | | malicious | Bazar Loader, BruteRatel | | 80.78.24.30
 | PhysXCooking64.dll.dll | | malicious | Bazar Loader, BruteRatel | | 80.78.24.30
 | na.elf | | malicious | Gafgyt, Mirai | | 185.193.127.129
 | na.elf | | malicious | Gafgyt, Mirai | | 185.193.127.129
 | na.elf | | malicious | Gafgyt, Mirai | | 185.193.127.129
 | na.elf | | malicious | Gafgyt, Mirai | | 185.193.127.129
 | na.elf | | malicious | Gafgyt, Mirai | | 185.193.127.129
 | na.elf | | malicious | Gafgyt, Mirai | | 185.193.127.129

                                              No context
                                              No context
                                              Process:C:\Users\user\Desktop\GjNVpV53SR.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1119
                                              Entropy (8bit):5.345080863654519
                                              Encrypted:false
                                              SSDEEP:24:ML9E4KiE4Kx1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MxHKiHKx1qHiYHKh3oPtHo6hAHKze0Hj
                                              MD5:E6726BABA80C39624BADA32F0CCE6B54
                                              SHA1:4C769FA8A02DBE33AA9084040A9E6C70230334FA
                                              SHA-256:6A9F9C628B47AFC2A34A71826450A12D9293709BF977E72C04102F9DDD3705E0
                                              SHA-512:BBCCE0FCC59D29116253E71ECC786B8E3BA19D9A3124F36FEC9963C7F47016F145C76C18C5AD0FB6186ADEA69652BA99F29EF5AB5E71EFDD7EC07A82BB366960
                                              Malicious:true
                                              Reputation:moderate, very likely benign file
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                              Process:C:\Users\user\AppData\Roaming\Code\shellhost.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1119
                                              Entropy (8bit):5.345080863654519
                                              Encrypted:false
                                              SSDEEP:24:ML9E4KiE4Kx1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MxHKiHKx1qHiYHKh3oPtHo6hAHKze0Hj
                                              MD5:E6726BABA80C39624BADA32F0CCE6B54
                                              SHA1:4C769FA8A02DBE33AA9084040A9E6C70230334FA
                                              SHA-256:6A9F9C628B47AFC2A34A71826450A12D9293709BF977E72C04102F9DDD3705E0
                                              SHA-512:BBCCE0FCC59D29116253E71ECC786B8E3BA19D9A3124F36FEC9963C7F47016F145C76C18C5AD0FB6186ADEA69652BA99F29EF5AB5E71EFDD7EC07A82BB366960
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                              Process:C:\Users\user\Desktop\GjNVpV53SR.exe
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):2315776
                                              Entropy (8bit):7.954314882104166
                                              Encrypted:false
                                              SSDEEP:49152:a7ptnb2Lrccd46i8IfuCnAaYMXmJR1CfWmO9xbHRFV8HU:o92L+6i8IAZJ6+zDx/m
                                              MD5:CF118A2C4586551E6EAE18E41B52842A
                                              SHA1:4E3518B74B2AE236777986F27D45D8D70358256E
                                              SHA-256:DDDF4EC4D813131CD65AB7386154DB7ED9D63CE84E4704A5532E7AA22E624C58
                                              SHA-512:121276892DDA96E7E67416EAD523C6FE3BFB7F32D6A24D3B7A494BFE82BE03430010907D8BA8EB0C4EB5248F958EE489788C32D2295F190EE3B6502C3358A8D3
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 47%
                                              Reputation:low
                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):7.954314882104166
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              • DOS Executable Generic (2002/1) 0.01%
                                              File name:GjNVpV53SR.exe
                                              File size:2'315'776 bytes
                                              MD5:cf118a2c4586551e6eae18e41b52842a
                                              SHA1:4e3518b74b2ae236777986f27d45d8d70358256e
                                              SHA256:dddf4ec4d813131cd65ab7386154db7ed9d63ce84e4704a5532e7aa22e624c58
                                              SHA512:121276892dda96e7e67416ead523c6fe3bfb7f32d6a24d3b7a494bfe82be03430010907d8ba8eb0c4eb5248f958ee489788c32d2295f190ee3b6502c3358a8d3
                                              SSDEEP:49152:a7ptnb2Lrccd46i8IfuCnAaYMXmJR1CfWmO9xbHRFV8HU:o92L+6i8IAZJ6+zDx/m
                                              TLSH:15B5236AB7C80F32C68D893BF0C7A5654B35F4A6E34FD70515480EFA4C13B994A92B93
                                              Icon Hash:90cececece8e8eb0
                                              Entrypoint:0x636b9a
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x6724B8D9 [Fri Nov 1 11:17:45 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                              Instruction
                                              jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x236b50 | 0x4a | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x238000 | 0x5ce | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x23a000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x234ba0 | 0x234c00 | 2d0534f79feb2df17b73e3e7ee8daacf | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x238000 | 0x5ce | 0x600 | 3aeae60509aa854f91b1c2ea176a0190 | False | 0.4270833333333333 | data | 4.169804150134478 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x23a000 | 0xc | 0x200 | 55818810df6429006e938a22864f632a | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x23805c | 0x34c | data | | | 0.4087677725118483
RT_MANIFEST | 0x2383e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-06T17:30:19.843074+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 49730 | TCP
2024-11-06T17:30:58.149282+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 49736 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 6, 2024 17:31:17.935501099 CET | 49648 | 53 | 192.168.2.4 | 1.1.1.1
Nov 6, 2024 17:31:17.973043919 CET | 53 | 49648 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 6, 2024 17:31:17.935501099 CET | 192.168.2.4 | 1.1.1.1 | 0xbbbb | Standard query (0) | goooooooool.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 6, 2024 17:31:17.973043919 CET | 1.1.1.1 | 192.168.2.4 | 0xbbbb | No error (0) | goooooooool.com | | 80.78.28.83 | A (IP address) | IN (0x0001) | false


                                              Target ID:0
                                              Start time:11:30:00
                                              Start date:06/11/2024
                                              Path:C:\Users\user\Desktop\GjNVpV53SR.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\GjNVpV53SR.exe"
                                              Imagebase:0xfc0000
                                              File size:2'315'776 bytes
                                              MD5 hash:CF118A2C4586551E6EAE18E41B52842A
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2038954790.00000000037DA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2089459742.00000000081B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2038954790.000000000356C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2049579577.0000000004783000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2057873112.0000000006021000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2049579577.0000000004C27000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:4
                                              Start time:11:30:36
                                              Start date:06/11/2024
                                              Path:C:\Users\user\Desktop\GjNVpV53SR.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\GjNVpV53SR.exe"
                                              Imagebase:0x5f0000
                                              File size:2'315'776 bytes
                                              MD5 hash:CF118A2C4586551E6EAE18E41B52842A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000004.00000002.2062687444.0000000000C02000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:5
                                              Start time:11:30:38
                                              Start date:06/11/2024
                                              Path:C:\Users\user\AppData\Roaming\Code\shellhost.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                                              Imagebase:0xa50000
                                              File size:2'315'776 bytes
                                              MD5 hash:CF118A2C4586551E6EAE18E41B52842A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2427586687.00000000031BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000005.00000002.2427586687.000000000327B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000005.00000002.2480374136.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000005.00000002.2445691251.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              • Detection: 47%, ReversingLabs
                                              Reputation:low
                                              Has exited:true

                                              Target ID:6
                                              Start time:11:30:49
                                              Start date:06/11/2024
                                              Path:C:\Users\user\AppData\Roaming\Code\shellhost.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                                              Imagebase:0xf0000
                                              File size:2'315'776 bytes
                                              MD5 hash:CF118A2C4586551E6EAE18E41B52842A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000006.00000002.2532547396.0000000002743000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000006.00000002.2551134548.0000000004001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:7
                                              Start time:11:30:57
                                              Start date:06/11/2024
                                              Path:C:\Users\user\AppData\Roaming\Code\shellhost.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                                              Imagebase:0xa20000
                                              File size:2'315'776 bytes
                                              MD5 hash:CF118A2C4586551E6EAE18E41B52842A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2622461169.000000000307C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2671682402.0000000006006000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000007.00000002.2648382411.0000000004732000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:8
                                              Start time:11:31:15
                                              Start date:06/11/2024
                                              Path:C:\Users\user\AppData\Roaming\Code\shellhost.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                                              Imagebase:0x800000
                                              File size:2'315'776 bytes
                                              MD5 hash:CF118A2C4586551E6EAE18E41B52842A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:false

                                              Target ID:10
                                              Start time:11:31:25
                                              Start date:06/11/2024
                                              Path:C:\Users\user\AppData\Roaming\Code\shellhost.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                                              Imagebase:0x5d0000
                                              File size:2'315'776 bytes
                                              MD5 hash:CF118A2C4586551E6EAE18E41B52842A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:11
                                              Start time:11:31:33
                                              Start date:06/11/2024
                                              Path:C:\Users\user\AppData\Roaming\Code\shellhost.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\Code\shellhost.exe"
                                              Imagebase:0x370000
                                              File size:2'315'776 bytes
                                              MD5 hash:CF118A2C4586551E6EAE18E41B52842A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true


                                                Execution Graph

                                                Execution Coverage:12.6%
                                                Dynamic/Decrypted Code Coverage:95.2%
                                                Signature Coverage:2.1%
                                                Total number of Nodes:419
                                                Total number of Limit Nodes:45
60540->60543 60541->60541 60542->60540 60543->60540 60545 5a55395 60544->60545 60550 5a57e52 2 API calls 60545->60550 60551 5a57e58 2 API calls 60545->60551 60546 5a54e5b 60546->60546 60547 5a54e50 60547->60546 60548 5559b72 WriteProcessMemory 60547->60548 60549 5559b78 WriteProcessMemory 60547->60549 60548->60547 60549->60547 60550->60547 60551->60547 60554 5a54e50 60552->60554 60553 5a54e5b 60553->60553 60554->60553 60555 5559b72 WriteProcessMemory 60554->60555 60556 5559b78 WriteProcessMemory 60554->60556 60555->60554 60556->60554 60559 5a54e50 60557->60559 60558 5a54e5b 60558->60558 60559->60558 60560 5559b72 WriteProcessMemory 60559->60560 60561 5559b78 WriteProcessMemory 60559->60561 60560->60559 60561->60559 60564 5a54e50 60562->60564 60563 5a54e5b 60563->60563 60564->60563 60565 5559b72 WriteProcessMemory 60564->60565 60566 5559b78 WriteProcessMemory 60564->60566 60565->60564 60566->60564 60569 5a54e50 60567->60569 60568 5a54e5b 60568->60568 60569->60568 60570 5559b72 WriteProcessMemory 60569->60570 60571 5559b78 WriteProcessMemory 60569->60571 60570->60569 60571->60569 60574 5a54e50 60572->60574 60573 5a54e5b 60573->60573 60574->60573 60575 5559b72 WriteProcessMemory 60574->60575 60576 5559b78 WriteProcessMemory 60574->60576 60575->60574 60576->60574 60578 5a55aa2 60577->60578 60583 5559b72 WriteProcessMemory 60578->60583 60584 5559b78 WriteProcessMemory 60578->60584 60579 5a54e5b 60579->60579 60580 5a54e50 60580->60579 60581 5559b72 WriteProcessMemory 60580->60581 60582 5559b78 WriteProcessMemory 60580->60582 60581->60580 60582->60580 60583->60580 60584->60580 60586 5a54e50 60585->60586 60587 5a54e5b 60586->60587 60588 5559b72 WriteProcessMemory 60586->60588 60589 5559b78 WriteProcessMemory 60586->60589 60587->60587 60588->60586 60589->60586 60592 5a54e50 60590->60592 60591 5a54e5b 60591->60591 60592->60591 60593 5559b72 WriteProcessMemory 60592->60593 60594 5559b78 WriteProcessMemory 60592->60594 60593->60592 60594->60592 60596 5a55507 60595->60596 60756 
5559d90 60596->60756 60760 5559d88 60596->60760 60597 5a55ba3 60602 5a54de1 60600->60602 60601 5a54e5b 60601->60433 60602->60601 60603 5559b72 WriteProcessMemory 60602->60603 60604 5559b78 WriteProcessMemory 60602->60604 60603->60602 60604->60602 60606 5a54e50 60605->60606 60607 5a54e5b 60606->60607 60608 5559b72 WriteProcessMemory 60606->60608 60609 5559b78 WriteProcessMemory 60606->60609 60607->60607 60608->60606 60609->60606 60612 5a54dab 60610->60612 60611 5a54e5b 60611->60433 60611->60611 60612->60611 60613 5559b72 WriteProcessMemory 60612->60613 60614 5559b78 WriteProcessMemory 60612->60614 60613->60612 60614->60612 60616 5a55788 60615->60616 60619 5a57e52 2 API calls 60616->60619 60620 5a57e58 2 API calls 60616->60620 60617 5a54e5b 60617->60617 60618 5a54e50 60618->60617 60621 5559b72 WriteProcessMemory 60618->60621 60622 5559b78 WriteProcessMemory 60618->60622 60619->60618 60620->60618 60621->60618 60622->60618 60764 5a58078 60623->60764 60769 5a5806a 60623->60769 60624 5a55a57 60628 5a55556 60627->60628 60630 5a54e50 60627->60630 60631 5a57e52 2 API calls 60628->60631 60632 5a57e58 2 API calls 60628->60632 60629 5a54e5b 60629->60629 60630->60629 60633 5559b72 WriteProcessMemory 60630->60633 60634 5559b78 WriteProcessMemory 60630->60634 60631->60630 60632->60630 60633->60630 60634->60630 60637 5a54e50 60635->60637 60636 5a54e5b 60636->60636 60637->60636 60638 5559b72 WriteProcessMemory 60637->60638 60639 5559b78 WriteProcessMemory 60637->60639 60638->60637 60639->60637 60642 5a54e50 60640->60642 60641 5a54e5b 60641->60641 60642->60641 60643 5559b72 WriteProcessMemory 60642->60643 60644 5559b78 WriteProcessMemory 60642->60644 60643->60642 60644->60642 60646 5a54e50 60645->60646 60647 5a54e5b 60646->60647 60648 5559b72 WriteProcessMemory 60646->60648 60649 5559b78 WriteProcessMemory 60646->60649 60647->60647 60648->60646 60649->60646 60652 5a54e50 60650->60652 60651 5a54e5b 60651->60651 60652->60651 60653 5559b72 WriteProcessMemory 60652->60653 60654 5559b78 
WriteProcessMemory 60652->60654 60653->60652 60654->60652 60657 5a54e50 60655->60657 60656 5a54e5b 60656->60656 60657->60656 60658 5559b72 WriteProcessMemory 60657->60658 60659 5559b78 WriteProcessMemory 60657->60659 60658->60657 60659->60657 60662 5a54e50 60660->60662 60661 5a54e5b 60661->60661 60662->60661 60663 5559b72 WriteProcessMemory 60662->60663 60664 5559b78 WriteProcessMemory 60662->60664 60663->60662 60664->60662 60667 5a54d78 60665->60667 60666 5a54e5b 60666->60433 60666->60666 60667->60666 60668 5559b72 WriteProcessMemory 60667->60668 60669 5559b78 WriteProcessMemory 60667->60669 60668->60667 60669->60667 60782 5a57d70 60670->60782 60787 5a57d62 60670->60787 60671 5a54e5b 60671->60671 60672 5a54e50 60672->60671 60675 5559b72 WriteProcessMemory 60672->60675 60676 5559b78 WriteProcessMemory 60672->60676 60675->60672 60676->60672 60679 5a54e50 60677->60679 60678 5a54e5b 60678->60678 60679->60678 60680 5559b72 WriteProcessMemory 60679->60680 60681 5559b78 WriteProcessMemory 60679->60681 60680->60679 60681->60679 60684 5a54e50 60682->60684 60683 5a54e5b 60683->60683 60684->60683 60685 5559b72 WriteProcessMemory 60684->60685 60686 5559b78 WriteProcessMemory 60684->60686 60685->60684 60686->60684 60689 5a54e50 60687->60689 60688 5a54e5b 60688->60688 60689->60688 60690 5559b72 WriteProcessMemory 60689->60690 60691 5559b78 WriteProcessMemory 60689->60691 60690->60689 60691->60689 60694 5a54e50 60692->60694 60693 5a54e5b 60693->60693 60694->60693 60695 5559b72 WriteProcessMemory 60694->60695 60696 5559b78 WriteProcessMemory 60694->60696 60695->60694 60696->60694 60699 5a54e50 60697->60699 60698 5a54e5b 60698->60698 60699->60698 60700 5559b72 WriteProcessMemory 60699->60700 60701 5559b78 WriteProcessMemory 60699->60701 60700->60699 60701->60699 60703 5559b78 WriteProcessMemory 60702->60703 60705 5559c5d 60703->60705 60705->60477 60707 5559bc4 WriteProcessMemory 60706->60707 60709 5559c5d 60707->60709 60709->60477 60711 5a57e58 60710->60711 60720 5559a10 
60711->60720 60724 5559a18 60711->60724 60712 5a57e8f 60712->60498 60716 5a57e6d 60715->60716 60718 5559a10 VirtualAllocEx 60716->60718 60719 5559a18 VirtualAllocEx 60716->60719 60717 5a57e8f 60717->60498 60718->60717 60719->60717 60721 5559a5c VirtualAllocEx 60720->60721 60723 5559ad4 60721->60723 60723->60712 60725 5559a5c VirtualAllocEx 60724->60725 60727 5559ad4 60725->60727 60727->60712 60729 5a56450 60728->60729 60730 5a56489 60729->60730 60738 5a56ac7 60729->60738 60743 5a56b48 60729->60743 60730->60511 60734 5a56467 60733->60734 60735 5a56489 60734->60735 60736 5a56ac7 2 API calls 60734->60736 60737 5a56b48 2 API calls 60734->60737 60735->60511 60736->60735 60737->60735 60739 5a56adb 60738->60739 60748 55590f5 60739->60748 60752 5559100 60739->60752 60744 5a56b70 60743->60744 60746 55590f5 CreateProcessA 60744->60746 60747 5559100 CreateProcessA 60744->60747 60745 5a56d8a 60746->60745 60747->60745 60750 5559180 CreateProcessA 60748->60750 60751 555937c 60750->60751 60754 5559180 CreateProcessA 60752->60754 60755 555937c 60754->60755 60757 5559dd9 NtResumeThread 60756->60757 60759 5559e30 60757->60759 60759->60597 60761 5559d90 NtResumeThread 60760->60761 60763 5559e30 60761->60763 60763->60597 60765 5a5808d 60764->60765 60774 55594b8 60765->60774 60778 55594b0 60765->60778 60766 5a580a6 60766->60624 60770 5a58078 60769->60770 60772 55594b0 Wow64SetThreadContext 60770->60772 60773 55594b8 Wow64SetThreadContext 60770->60773 60771 5a580a6 60771->60624 60772->60771 60773->60771 60775 5559501 Wow64SetThreadContext 60774->60775 60777 5559579 60775->60777 60777->60766 60779 5559501 Wow64SetThreadContext 60778->60779 60781 5559579 60779->60781 60781->60766 60783 5a57d85 60782->60783 60785 55594b0 Wow64SetThreadContext 60783->60785 60786 55594b8 Wow64SetThreadContext 60783->60786 60784 5a57d9e 60784->60672 60785->60784 60786->60784 60788 5a57d70 60787->60788 60790 55594b0 Wow64SetThreadContext 60788->60790 60791 55594b8 Wow64SetThreadContext 60788->60791 60789 
5a57d9e 60789->60672 60790->60789 60791->60789 60792 81aee10 60793 81aee54 VirtualAlloc 60792->60793 60795 81aeec1 60793->60795 60817 80d7156 60818 80d7160 60817->60818 60822 551e558 60818->60822 60827 551e548 60818->60827 60819 80d719e 60823 551e56d 60822->60823 60832 551e598 60823->60832 60837 551e588 60823->60837 60824 551e583 60824->60819 60828 551e558 60827->60828 60830 551e598 2 API calls 60828->60830 60831 551e588 2 API calls 60828->60831 60829 551e583 60829->60819 60830->60829 60831->60829 60833 551e5c2 60832->60833 60834 551e606 60833->60834 60842 555c170 60833->60842 60847 555c162 60833->60847 60834->60824 60838 551e598 60837->60838 60839 551e606 60838->60839 60840 555c170 2 API calls 60838->60840 60841 555c162 2 API calls 60838->60841 60839->60824 60840->60838 60841->60838 60843 555c185 60842->60843 60852 5554a10 60843->60852 60856 5554a18 60843->60856 60844 555c1a0 60844->60833 60848 555c170 60847->60848 60850 5554a10 SleepEx 60848->60850 60851 5554a18 SleepEx 60848->60851 60849 555c1a0 60849->60833 60850->60849 60851->60849 60853 5554a18 SleepEx 60852->60853 60855 5554abc 60853->60855 60855->60844 60857 5554a5c SleepEx 60856->60857 60859 5554abc 60857->60859 60859->60844 60860 1b4b7e8 60861 1b4b805 60860->60861 60862 1b4b815 60861->60862 60868 81a8b88 60861->60868 60873 81a8afb 60861->60873 60877 81a9835 60861->60877 60881 81aa062 60861->60881 60885 81a55ee 60861->60885 60869 81a8b8b 60868->60869 60870 81a8b16 60868->60870 60871 81a8b41 60870->60871 60872 81ad748 VirtualProtect 60870->60872 60872->60871 60874 81a8b1a 60873->60874 60876 81ad748 VirtualProtect 60874->60876 60875 81a8b41 60876->60875 60880 81ad748 VirtualProtect 60877->60880 60878 81a5fdb 60878->60877 60879 81a01d2 60878->60879 60880->60878 60882 81aa081 60881->60882 60884 81ad748 VirtualProtect 60882->60884 60883 81a01d2 60884->60883 60887 81ad748 VirtualProtect 60885->60887 60886 81a01d2 60887->60886 60888 5558508 60889 5558557 NtProtectVirtualMemory 60888->60889 60891 55585cf 
60889->60891
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                • API String ID: 0-312445597
                                                • Opcode ID: 3eae8ec80199460c0ae1d2ec0528497d588015a8728f5d1f444b9608b7eaf5c0
                                                • Instruction ID: 8be6fd770dbc064477563509858dc8bcf4cc9ed330e9f0b3742bcd5654836b2b
                                                • Opcode Fuzzy Hash: 3eae8ec80199460c0ae1d2ec0528497d588015a8728f5d1f444b9608b7eaf5c0
                                                • Instruction Fuzzy Hash: A5B20674A00218CFDB54CFA8C984BADB7F6BB88301F158599E905AB3A5DB71EC85CF50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                • API String ID: 0-2546334966
                                                • Opcode ID: 5401302cc5c0a8d0c9346485fe4aff8aaac633f2557069ed0d3151140f448dd2
                                                • Instruction ID: 9a86be470e521fe51c7fc1fabfa736dd8bca83a6cd125537c8973a185fe57b8e
                                                • Opcode Fuzzy Hash: 5401302cc5c0a8d0c9346485fe4aff8aaac633f2557069ed0d3151140f448dd2
                                                • Instruction Fuzzy Hash: 1622D774A00218CFDB64CF64C984BADB7B2FF48305F1581A9E909AB3A5DB74AD85CF50

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph (node and edge list omitted; first block 81aefc8-81aefe9)
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2089169401.00000000081A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_81a0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJcq$Te^q$pbq$xbaq$TE
                                                • API String ID: 0-1555659734
                                                • Opcode ID: f13cb0bf0613afea368215476d961da3c1792acd2b7818a909a115efada89751
                                                • Instruction ID: 15e113ec4405f76540a70acd0b72d61af541da2e06f77e8d601cdc4698ee355d
                                                • Opcode Fuzzy Hash: f13cb0bf0613afea368215476d961da3c1792acd2b7818a909a115efada89751
                                                • Instruction Fuzzy Hash: FAA2B575A00628CFDB65CF69C984A99BBB2FF89304F1581E9D50DAB325DB319E81CF40

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph (node and edge list omitted; first block 7ff0040-7ff006e)
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 2$$^q${,+
                                                • API String ID: 0-2351709004
                                                • Opcode ID: 53df347342369c82c33380ed8aba0c982a41c5f3e24248e00d2d35e2f209bf15
                                                • Instruction ID: 9471f4cd79ab7722786a00bd7e4fee81c4e4330d39d2bb44afdb471aa15be551
                                                • Opcode Fuzzy Hash: 53df347342369c82c33380ed8aba0c982a41c5f3e24248e00d2d35e2f209bf15
                                                • Instruction Fuzzy Hash: 79E2B2B4A002298FDB65DF68D8987DABBF6FB89300F1081E9D509A7355DB349E85CF40

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph (node and edge list omitted; first block 5554d40-5554d61)
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: fcq$8
                                                • API String ID: 0-89531850
                                                • Opcode ID: 836b8f213500dce77c693b26f1cc8301bce6b91c55e73fe0668b020bb82facd9
                                                • Instruction ID: d799bdfb745191c7566120660270df9726a956569be48394f839a2d0a79ab9b0
                                                • Opcode Fuzzy Hash: 836b8f213500dce77c693b26f1cc8301bce6b91c55e73fe0668b020bb82facd9
                                                • Instruction Fuzzy Hash: F262D475E002299FDB64DF68C854AD9B7B2FB89310F1086AAD90DA7354DB30AEC5CF50

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph (node and edge list omitted; first block 7ffe0d0-7ffe0d5)
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Pl^q$$^q
                                                • API String ID: 0-2677662154
                                                • Opcode ID: a4eee5c6f39e139f529545cb878f90ed2ba20c6a42cc6eb9cb08917b5074885e
                                                • Instruction ID: 54a5bf04cd57ae4e387b6d0e5bd621a016c96d7447335a639d2ca298b2bed026
                                                • Opcode Fuzzy Hash: a4eee5c6f39e139f529545cb878f90ed2ba20c6a42cc6eb9cb08917b5074885e
                                                • Instruction Fuzzy Hash: 7E2227B4B10209CFDB14DF28C988A6A77E6BF89700B1984A9D606CB3B5DF35EC41CB51

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q$4'^q
                                                • API String ID: 0-2697143702
                                                • Opcode ID: 99255d5765b6da657772200602b3d5bad5e38f00ffadd6dbb56b582cd75863a3
                                                • Instruction ID: 67966f7464512b90ed4e5d81e23abf454fdfa867459bd58dd25e61781cbfa417
                                                • Opcode Fuzzy Hash: 99255d5765b6da657772200602b3d5bad5e38f00ffadd6dbb56b582cd75863a3
                                                • Instruction Fuzzy Hash: AA711C75E002058FD718DFAAE54469EBBF3FFC9305F04C029D1089B269EB38588ADB54
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq
                                                • API String ID: 0-149360118
                                                • Opcode ID: cc3d285dbbc2d1f083b33bbe0a9e2fce2889608f342b471a8d9e14e5b52f85e8
                                                • Instruction ID: ca1b8f0785400d4670260cf9c9b2f4562648651a4990814f89c37ea0cd1f4dfc
                                                • Opcode Fuzzy Hash: cc3d285dbbc2d1f083b33bbe0a9e2fce2889608f342b471a8d9e14e5b52f85e8
                                                • Instruction Fuzzy Hash: 9A429B74B012158FDB19DFA9C594A6EBBF2FF88300F248929D81AD7381DB34A941CBD4
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Te^q
                                                • API String ID: 0-671973202
                                                • Opcode ID: e5bbc8cfb5e6bf8a51a3203ca8c57c88db5c52c38de1a9920a8a2bc2d142be1f
                                                • Instruction ID: 8482795c3a752c1ce3198a50bd89d715e46deb345ca91cc52b6ca8f5e6b00bc5
                                                • Opcode Fuzzy Hash: e5bbc8cfb5e6bf8a51a3203ca8c57c88db5c52c38de1a9920a8a2bc2d142be1f
                                                • Instruction Fuzzy Hash: 53F1EFB4A01318CFEB64DFA8D844BAEB7F6FB49301F1084A9D50AA7254DB345D85CF51
                                                APIs
                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 055585BD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: MemoryProtectVirtual
                                                • String ID:
                                                • API String ID: 2706961497-0
                                                • Opcode ID: 4efec22a8028166224ea8deafae89f666f1d021d28458e3fcba6abd13cc48281
                                                • Instruction ID: 2ad7eb446a2bf5ffeb5d348a0248f3c1755ef54d533d3d46b97ac03a0b9cc675
                                                • Opcode Fuzzy Hash: 4efec22a8028166224ea8deafae89f666f1d021d28458e3fcba6abd13cc48281
                                                • Instruction Fuzzy Hash: 334179B9D04258DFCF10CFA9D980ADEFBB1BB49320F10942AE819B7210D735A945CF58
                                                APIs
                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 055585BD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: MemoryProtectVirtual
                                                • String ID:
                                                • API String ID: 2706961497-0
                                                • Opcode ID: e57ecea2bfdc9f84c8772d39c7725702f58ede9149383882d207bd89590d7bcb
                                                • Instruction ID: a0ed9f45802deb504931f5eb7a659a2feb519bbc220ec8309dd7f93a905821a7
                                                • Opcode Fuzzy Hash: e57ecea2bfdc9f84c8772d39c7725702f58ede9149383882d207bd89590d7bcb
                                                • Instruction Fuzzy Hash: 9C4177B9D04259DFCF10CFA9D980AEEFBB1BB49310F20942AE819B7210D735A945CF58
                                                APIs
                                                • NtResumeThread.NTDLL(?,?), ref: 05559E1E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 85017ffe140d6feeb24efd62b70932590bf72394b13bb775e3b6487726559f52
                                                • Instruction ID: c2d2a780b940fe67ba0c6bb9ab67b3cffda596fb673475aae44b7961d0f6f736
                                                • Opcode Fuzzy Hash: 85017ffe140d6feeb24efd62b70932590bf72394b13bb775e3b6487726559f52
                                                • Instruction Fuzzy Hash: BC319BB5D012189FCB10CFA9D980ADEFBF5BB49320F10942AE855B7210C779A945CF94
                                                APIs
                                                • NtResumeThread.NTDLL(?,?), ref: 05559E1E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 608b3e305ee8d7f5c2d831eb73effee06fbd24748755ac5d731f947ac48107d8
                                                • Instruction ID: f26ed253a48ad1e16c8df073d46ee07a45764087d69702efa9dab1f4b18f8550
                                                • Opcode Fuzzy Hash: 608b3e305ee8d7f5c2d831eb73effee06fbd24748755ac5d731f947ac48107d8
                                                • Instruction Fuzzy Hash: C431AAB5D01218DFCB10CFA9D980ADEFBF5BB49320F10942AE815B7210C739A945CF94
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PH^q
                                                • API String ID: 0-2549759414
                                                • Opcode ID: 43d192bec15240a13a89cbd9daa56c7b59950dd567728450206c2638df32adf2
                                                • Instruction ID: fb56b184850e9dcc153fa90473a62a87da4aea9bcf08e84f91de264d71929d11
                                                • Opcode Fuzzy Hash: 43d192bec15240a13a89cbd9daa56c7b59950dd567728450206c2638df32adf2
                                                • Instruction Fuzzy Hash: 9AD10478E05218CFDB14CFA9D854BAEBBF2FF49310F1084AAD90AA7254DB745989CF41
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Deq
                                                • API String ID: 0-948982800
                                                • Opcode ID: ed0f896a30401412fb6e622c4a681909115644bee1dca46dbf93321db3711eaf
                                                • Instruction ID: 9a37057b5c61249949ce1f83eabf0a015972cb093cc66a397b5514e670b62bbd
                                                • Opcode Fuzzy Hash: ed0f896a30401412fb6e622c4a681909115644bee1dca46dbf93321db3711eaf
                                                • Instruction Fuzzy Hash: D4D1BF78A00218CFDB54CFA9D984A9DBBF2FF89301F1080A9D409AB365DB35AD85CF51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4|cq
                                                • API String ID: 0-1781815312
                                                • Opcode ID: 8f22c2fa17fa056a659a946ccb91417aa50f2bbd7087f6bef6c20937485aa333
                                                • Instruction ID: b377b471505da6767ea0cbb9a44781892bcf60e9fb2d4e94a4c66ce77d8ebe80
                                                • Opcode Fuzzy Hash: 8f22c2fa17fa056a659a946ccb91417aa50f2bbd7087f6bef6c20937485aa333
                                                • Instruction Fuzzy Hash: F1C1C278A01218CFEB64DF68D894BA9B7B2FB89310F0081EAD90DA7345DB345E84CF51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Te^q
                                                • API String ID: 0-671973202
                                                • Opcode ID: f7f5374d3c8d433e5f4fdbe2a849edccd812af32e98c5851493f3df341190d48
                                                • Instruction ID: 3bc20ba7d8f63e9bfd8aef4660fe743ca7a2520a83536cabdf6bd0ec79303a01
                                                • Opcode Fuzzy Hash: f7f5374d3c8d433e5f4fdbe2a849edccd812af32e98c5851493f3df341190d48
                                                • Instruction Fuzzy Hash: 7EA1E3B4E05209CFDB24DFA9D894B9DBBF6FF49304F1880AAD509A7261DB749985CF00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Te^q
                                                • API String ID: 0-671973202
                                                • Opcode ID: 5de0c3b6f6001ea81b0da7d83e1c27a71a45423e3f6a998b12e8a124ac1753b1
                                                • Instruction ID: 631ec13f29febc50f92f414b0c7caf08f3a76db41f00e68614132d5d73af6ed1
                                                • Opcode Fuzzy Hash: 5de0c3b6f6001ea81b0da7d83e1c27a71a45423e3f6a998b12e8a124ac1753b1
                                                • Instruction Fuzzy Hash: 00A116B4E05208CFDB14DFA9D8A4B9DBBF6FF49304F1880A9D509A7261DB349985CF00
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f2b0ea0fe7468944a6f2e214caa074a077e6f71aad4292b918ed50881315b695
                                                • Instruction ID: f67429e1169b48f1d77d11546e15a8426bdf9d277351367bf21bedc48ceff620
                                                • Opcode Fuzzy Hash: f2b0ea0fe7468944a6f2e214caa074a077e6f71aad4292b918ed50881315b695
                                                • Instruction Fuzzy Hash: 825290B4A00629CFCB64DF28C988B9ABBB6FB49301F1085D9D50DA7355DB34AE85CF50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 950b14777ffb3893774a46bb54d1b99064725e2d115957db5db9b27e25cfba60
                                                • Instruction ID: 2359e0151b8023cbbf2d6b226fa41b30bbd7df59169020ee8ea8047b76ce9a18
                                                • Opcode Fuzzy Hash: 950b14777ffb3893774a46bb54d1b99064725e2d115957db5db9b27e25cfba60
                                                • Instruction Fuzzy Hash: 9691E574A002188FDB54DFA9C954BAEBBF2BF89300F5085AAD50DA7354DB309E858F51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ba202058dd19072ddba2498ad25544e918e9df7919989cadfe6227226128ba24
                                                • Instruction ID: 1c5f85f2da470acb992bac4e90d1dc0dfed6c1d72af323260ff5ba3aafbbc46a
                                                • Opcode Fuzzy Hash: ba202058dd19072ddba2498ad25544e918e9df7919989cadfe6227226128ba24
                                                • Instruction Fuzzy Hash: BF91F674A002188FDB54DFA9C954BAEBBF6FF89300F5084AAD50DA7354DB309E858F51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd53690d252676d2eb37565e925e08720b1d91253af739bed163557580ca1ce7
                                                • Instruction ID: 275ada0ffe6b9d186628dc3c537b08d69cdfcd083efc99bc73308c0a4da2ba49
                                                • Opcode Fuzzy Hash: bd53690d252676d2eb37565e925e08720b1d91253af739bed163557580ca1ce7
                                                • Instruction Fuzzy Hash: 5181B474A002189FDB54DFA8C954BAABBF2FF89300F5085AAD50DA7354DB30AE85CF51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 70902960014818f2d90dbdf1e9955563a149b6df63313c5ed2b0ed99acac6810
                                                • Instruction ID: aa140b56ee4f34ff440e896e17a2cd1910b8ba8ec384c47ad1c22900501879f7
                                                • Opcode Fuzzy Hash: 70902960014818f2d90dbdf1e9955563a149b6df63313c5ed2b0ed99acac6810
                                                • Instruction Fuzzy Hash: 2D51ECB1E00A198BDB28CF6BDC4429AFBF3BFC9301F18C1A9D5089B265DB3459858F50

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                • API String ID: 0-723292480
                                                • Opcode ID: 18ace7c625c2f3c1239d3b1e92fb68023fa5675f67336cf140658a38f52049c5
                                                • Instruction ID: 08fcdc8e972a9ae7d818efe08593be83fdfcf4094b8951bdf4072d94efb64d26
                                                • Opcode Fuzzy Hash: 18ace7c625c2f3c1239d3b1e92fb68023fa5675f67336cf140658a38f52049c5
                                                • Instruction Fuzzy Hash: D551D470A402098FC708DB79C5546AEBBE7BFC8300F10896DC5099B3A9DF75ED4A87A1

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$(bq$(bq$(bq$(bq
                                                • API String ID: 0-2298650571
                                                • Opcode ID: 139cffb372aefe65479ca4fcb93095a010db610cf1d345ce01557dc6295166fc
                                                • Instruction ID: b51687101b299f577ccf7f6681484bf2c6f89d5ef8ed38a4ff2c062cbb54556e
                                                • Opcode Fuzzy Hash: 139cffb372aefe65479ca4fcb93095a010db610cf1d345ce01557dc6295166fc
                                                • Instruction Fuzzy Hash: BAC1E4717042558FC714DF69D854AAE7BE6FF88210B18817AE905CB3A2CF39DC06CBA1

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Hbq$Hbq$Hbq
                                                • API String ID: 0-2297679979
                                                • Opcode ID: ff2f35f129deffbb06a0f748fbb5155243fe89a6375c2bf0e80bad1291596e7e
                                                • Instruction ID: af29fb5021a64f483e5b21772e1afdc4bd82c1171b6f2a439cd5c21ff347168d
                                                • Opcode Fuzzy Hash: ff2f35f129deffbb06a0f748fbb5155243fe89a6375c2bf0e80bad1291596e7e
                                                • Instruction Fuzzy Hash: 38024F70A00604DFDB24DFA5C498AAEBBF2FF88300F148529D5469B7A5DB35EC85CB54

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q$4'^q$4'^q
                                                • API String ID: 0-1196845430
                                                • Opcode ID: ed4add4e87bb26ab1f1c8daba493f4f16ec9ee65fdedeed12e78af1577dcf9d3
                                                • Instruction ID: 1bfc100a2c7529ceaf241ba13bcf65cb286f7a1991e23116ee2958e303ec0091
                                                • Opcode Fuzzy Hash: ed4add4e87bb26ab1f1c8daba493f4f16ec9ee65fdedeed12e78af1577dcf9d3
                                                • Instruction Fuzzy Hash: C5F1C834B00519DFDB04DFA4D998A9DBBB2FF88300F118199E906AB3A5DB35EC46CB54

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$(bq$Hbq
                                                • API String ID: 0-2835675688
                                                • Opcode ID: 8377184ed8da41563b895a7a4bb80f69d98fd1b9c2f6b28458e296275e888a79
                                                • Instruction ID: e85f5d8c87a88165e7d123aef3715bb23c834e9d4cafa46f66fc0f9be44cecad
                                                • Opcode Fuzzy Hash: 8377184ed8da41563b895a7a4bb80f69d98fd1b9c2f6b28458e296275e888a79
                                                • Instruction Fuzzy Hash: E9E11D34B00209DFDB04EF64D5989ADBBB2FF89300F118569E906AB364DB30ED46CB95

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Hbq$Hbq
                                                • API String ID: 0-4258043069
                                                • Opcode ID: 9f8139ca6c9c36ca6430901757f952e1e483312815c35606d377a18937b21e21
                                                • Instruction ID: e999347a4dcb3023d19e257d2a4e27cf4955f20c93bcbf67f7f065e412b2a975
                                                • Opcode Fuzzy Hash: 9f8139ca6c9c36ca6430901757f952e1e483312815c35606d377a18937b21e21
                                                • Instruction Fuzzy Hash: 35D1B0306045459FDB04DF29C484AAEBBF6FF88304F158569E8098B3A5DB34FD86CB95

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$Hbq
                                                • API String ID: 0-4081012451
                                                • Opcode ID: dfdb08fdbb0bce62b12c25443d7b73e13ad1eaec8e205cc85544c9259f992276
                                                • Instruction ID: 3e6d8dbc8a7dd94c1f516f951f81e66558d9cce7c2e1d2ce2a2e6cdbdbc82586
                                                • Opcode Fuzzy Hash: dfdb08fdbb0bce62b12c25443d7b73e13ad1eaec8e205cc85544c9259f992276
                                                • Instruction Fuzzy Hash: 6C5176757003449FC729AF38C85856EBBE7EF89211B21446DD8068B7A5CF35EC06CB91

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$Hbq
                                                • API String ID: 0-4081012451
                                                • Opcode ID: 1186a2732508fcfa789ac2a41d728882c10569768dbec574b48c587858b58737
                                                • Instruction ID: e7be875ebd9244c959c89cbd45d8ed4f217d7a047ffd221fb4e1f48c8a07e195
                                                • Opcode Fuzzy Hash: 1186a2732508fcfa789ac2a41d728882c10569768dbec574b48c587858b58737
                                                • Instruction Fuzzy Hash: B741DF713047518FD325DF3AD44435ABBE2EF85311F108A2ED09A8B7A5DB74E849CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q$pbq
                                                • API String ID: 0-3872760177
                                                • Opcode ID: 4dd3f65ab54a836a2550192dff6b186627281841d728a615e870352f5341c2b5
                                                • Instruction ID: 755e04d978d409a3dbbbea9d6d5d2281f9aefdac5bf1b56bbc76a66cee1bf9e1
                                                • Opcode Fuzzy Hash: 4dd3f65ab54a836a2550192dff6b186627281841d728a615e870352f5341c2b5
                                                • Instruction Fuzzy Hash: ED41E231A402059FC715DF68C9446AEBBF7FF88300F108929D5099B369DB75ED4A8BA1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$Hbq
                                                • API String ID: 0-4081012451
                                                • Opcode ID: 9e076f3b4a14fa2483c61d366d8bfd6410e22e82de7d98fb1315778f9b06731c
                                                • Instruction ID: 07c91474f721acba9b721f8b7646beca1a7723ae79d1b3e5477d112d803713b8
                                                • Opcode Fuzzy Hash: 9e076f3b4a14fa2483c61d366d8bfd6410e22e82de7d98fb1315778f9b06731c
                                                • Instruction Fuzzy Hash: E231D2312082845FC702DB69D85459EBFE6EF8A20071441ABE449CB3A2DF359D09C7A6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -$=
                                                • API String ID: 0-1716822294
                                                • Opcode ID: d0b4c3d5dbc92369cf6061456697b2baebd77a1dd940f358a748dcb5407f805f
                                                • Instruction ID: 485d1e5e7bad8d6294a8ff5d91c8e27bc9b6b6c926a871685c8477fcbcac3d2c
                                                • Opcode Fuzzy Hash: d0b4c3d5dbc92369cf6061456697b2baebd77a1dd940f358a748dcb5407f805f
                                                • Instruction Fuzzy Hash: A141D275D05228DBEB64CF6AD844FECBBB6BB89310F10C1AAD81DA7250CB355A85CF50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,$8
                                                • API String ID: 0-402407342
                                                • Opcode ID: 3f1cc10b9bd09f6a774abed95859cbe0278fca32f326df906a3f5cc10c414b7e
                                                • Instruction ID: b797024395ac695abfc2796002030d022bc26ed36f9fa073377f889ec6e301c8
                                                • Opcode Fuzzy Hash: 3f1cc10b9bd09f6a774abed95859cbe0278fca32f326df906a3f5cc10c414b7e
                                                • Instruction Fuzzy Hash: 22118A78901268DFEB61DF58D994FECBBB6BB49314F1084A9E909A6240C7355E85CF40
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: L$v
                                                • API String ID: 0-3461322777
                                                • Opcode ID: 3313265ae6f8095e84df44a0bb6d88893028af5cef7a61d9fc6677843caf4de8
                                                • Instruction ID: a5685133dee56bd7b5f509cf9cc27f1037013699af7f47b94b0f56cb996c0604
                                                • Opcode Fuzzy Hash: 3313265ae6f8095e84df44a0bb6d88893028af5cef7a61d9fc6677843caf4de8
                                                • Instruction Fuzzy Hash: 15F058B0C49256DFCB50DF24D898AAEBBB0FF45310F1440EAE909A7222CF315945DF94
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,bq
                                                • API String ID: 0-2474004448
                                                • Opcode ID: 4ede8fb8fba6c3c54c54e66f184b4421d9ef491c96e7481b97de2a74804c4d15
                                                • Instruction ID: 4ac3fbac254881dc89cf861854fb6dc2c0b90b58fbcdf82469a78755b26bc2c5
                                                • Opcode Fuzzy Hash: 4ede8fb8fba6c3c54c54e66f184b4421d9ef491c96e7481b97de2a74804c4d15
                                                • Instruction Fuzzy Hash: 585217B5A002289FDB24DF69C995BEDBBF2BF88300F1544E9E509A7351DA309D81CF61
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (_^q
                                                • API String ID: 0-538443824
                                                • Opcode ID: ccd6b29d292e64761495f119ac28b7577c7ef7ba0ba6a09a62c908ef7338cdb1
                                                • Instruction ID: a1781bfb53c2a3c4778b569899b087eb8e097c3fd59d655dfc78dc99bb24de05
                                                • Opcode Fuzzy Hash: ccd6b29d292e64761495f119ac28b7577c7ef7ba0ba6a09a62c908ef7338cdb1
                                                • Instruction Fuzzy Hash: 07227D75B102059FDB14DF68C494A6DB7F2FF88300F188069EA05AB3A5CB75EC45CB90
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05559367
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: 79633508de3d53620ade6bda8dc42b79a1f9b47fddb5f0fb654e2b005ef17059
                                                • Instruction ID: 0b564d259a4e81162332337e8a4c206092e7b60ddd1e163e7cfd60a9054515d0
                                                • Opcode Fuzzy Hash: 79633508de3d53620ade6bda8dc42b79a1f9b47fddb5f0fb654e2b005ef17059
                                                • Instruction Fuzzy Hash: 7BA113B4D00219CFDF10CFA9C895BEDBBB1BF49314F14916AE859A7280DB389985CF85
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05559367
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: d3d8f33eaa0501c0f0cb89aca563363d4a21235a29ceea5cf96ddb16681aa3e3
                                                • Instruction ID: 8b33c697613b6c53b7c87659da620ba8efe2d4552192347b19e9e62b1a1256f6
                                                • Opcode Fuzzy Hash: d3d8f33eaa0501c0f0cb89aca563363d4a21235a29ceea5cf96ddb16681aa3e3
                                                • Instruction Fuzzy Hash: 10A103B4D00218CFDF10CFA9C895BEDBBF1BB49310F14916AE859A7280DB789985CF95
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05559C4B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: b582cb33ccc86f2022d3aa27dc9dade0568279bc82cb9922f5cf74595386fd0b
                                                • Instruction ID: 57f509598b0aa99e34f699dcc4f98e53aec4f015d381b697ff5158a682efb800
                                                • Opcode Fuzzy Hash: b582cb33ccc86f2022d3aa27dc9dade0568279bc82cb9922f5cf74595386fd0b
                                                • Instruction Fuzzy Hash: 834199B5D01258DFCB00CFA9D984ADEFBF1BB49310F24902AE819B7210D739AA45CF64
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05559C4B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 7387a43afcc6eb2aa91b11a77552704309cb91b095453ffb3dcd05f8300295f7
                                                • Instruction ID: e9cdf049770986eb3f08176ce45e9da278c3770df52c14f9c63c1e365f491053
                                                • Opcode Fuzzy Hash: 7387a43afcc6eb2aa91b11a77552704309cb91b095453ffb3dcd05f8300295f7
                                                • Instruction Fuzzy Hash: 0F4199B5D01258DFCB00CFA9D984ADEFBF1BB49310F20902AE819B7210D739AA45CF64
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: `Q^q
                                                • API String ID: 0-1948671464
                                                • Opcode ID: 20942a8777322ab55fc62a90f28d6a3e6b194965933cd05a0d435f34487e3ee1
                                                • Instruction ID: 5a3eae8da777e0e6f8eed9470fbca9127bde402739a536055d98509b39d74f64
                                                • Opcode Fuzzy Hash: 20942a8777322ab55fc62a90f28d6a3e6b194965933cd05a0d435f34487e3ee1
                                                • Instruction Fuzzy Hash: 77D16D34E002169FDB05DFA8C494BAEBBF2FF84304F14C169E5059B2A5DB75AC86DB81
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05559AC2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: ae8c61ceb3f06abc3251a54919b3d5b7972549b399ecfc34f150c7ea3c2a0e04
                                                • Instruction ID: 8a5c374fbf89eebda96ee8535c31c3ec2781255f9b6aa77852abe6fba208383d
                                                • Opcode Fuzzy Hash: ae8c61ceb3f06abc3251a54919b3d5b7972549b399ecfc34f150c7ea3c2a0e04
                                                • Instruction Fuzzy Hash: 4B3197B9D04258DFCF10CFA9D980ADEFBB1BB49320F10942AE815BB210D735A945CF68
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05559AC2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 05559567
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 081ADCEC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2089169401.00000000081A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_81a0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 05559567
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: Sleep
                                                • String ID:
                                                • API String ID: 3472027048-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: Sleep
                                                • String ID:
                                                • API String ID: 3472027048-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq
                                                • API String ID: 0-149360118
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (*F
                                                • API String ID: 0-3990175395
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJcq
                                                • API String ID: 0-1911830065
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq
                                                • API String ID: 0-149360118
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJcq
                                                • API String ID: 0-1911830065
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJcq
                                                • API String ID: 0-1911830065
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq
                                                • API String ID: 0-149360118
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: pbq
                                                • API String ID: 0-3896149868
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,bq
                                                • API String ID: 0-2474004448
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                APIs
                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 081AEEAF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2089169401.00000000081A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_81a0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: p<^q
                                                • API String ID: 0-1680888324
                                                • Opcode ID: e7cdeccb95f7b6cf9245538bdf3ce9aaafcd04dd7124d58ff4dd82d21702ef57
                                                • Instruction ID: 2e3a4e7ad7263a2f8c68e9f87276c787cf1c2cf08fc5f9e8901915a5cdf58488
                                                • Opcode Fuzzy Hash: e7cdeccb95f7b6cf9245538bdf3ce9aaafcd04dd7124d58ff4dd82d21702ef57
                                                • Instruction Fuzzy Hash: 68215E313043949FDB16DF2AD8549AA7BEAFF8A211B1540A6F845CF3B1CA35DC51CB60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Te^q
                                                • API String ID: 0-671973202
                                                • Opcode ID: caa1299689dfd896f0c0c6cfbdbe3acd3d24affd59f84e206b0bb77feafefef3
                                                • Instruction ID: 53651a8cc19eb638101fdee4e4042f8d607a120b07cd71970563ed2c6d1ac51e
                                                • Opcode Fuzzy Hash: caa1299689dfd896f0c0c6cfbdbe3acd3d24affd59f84e206b0bb77feafefef3
                                                • Instruction Fuzzy Hash: 52210674B50114CFCB48DF6DD998AA8BBF2BF48610F258199E506DB375CB70AC41DB40
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: p<^q
                                                • API String ID: 0-1680888324
                                                • Opcode ID: d42a6450b5cf5fa818501f41fca15608d1b149fdf78d36c9f72995591cc52b54
                                                • Instruction ID: 013e4eb5680c8f667266390b67229a8d667fc819ee1e2691dca5df8f1897170e
                                                • Opcode Fuzzy Hash: d42a6450b5cf5fa818501f41fca15608d1b149fdf78d36c9f72995591cc52b54
                                                • Instruction Fuzzy Hash: 26215E713003989FCB15CF2AC844AAA7BEAAF89212B0540A5FC45CF3B1DA35DC51CB60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,bq
                                                • API String ID: 0-2474004448
                                                • Opcode ID: 99a538b52297b740f9a3fda8c175d0ec7c864096215d3cd3f3edcab78003f485
                                                • Instruction ID: 9a15700c7a83a606beb6d0c626c28415b80d186ac47d07c075e28a66685fba08
                                                • Opcode Fuzzy Hash: 99a538b52297b740f9a3fda8c175d0ec7c864096215d3cd3f3edcab78003f485
                                                • Instruction Fuzzy Hash: 49216A356002069FCB05DF69C9949AEBBF6EF8A311F2580AAE901DB365D730EC01CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: T
                                                • API String ID: 0-3187964512
                                                • Opcode ID: 36445c6dff83da386d45c6b2f362a629b3560eec3a7260ace629d1030b745ff2
                                                • Instruction ID: 056a73867a99c44eec4a11508323663f22ba14c35abd69245946365fcf05bba5
                                                • Opcode Fuzzy Hash: 36445c6dff83da386d45c6b2f362a629b3560eec3a7260ace629d1030b745ff2
                                                • Instruction Fuzzy Hash: 78318C78A042288FDBA5CF18C898AD9B7F5FB49300F0481D9E84DA7355DB349F858F50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 1
                                                • API String ID: 0-2212294583
                                                • Opcode ID: 247d378b182f3bbfe0c90d25e5ac8c17d6b8248623f60c57935e0f3f01f09c9f
                                                • Instruction ID: 86e1f2954a2d1621f718d38c6c5cfad717609709f08c2578c19d29901da17d3c
                                                • Opcode Fuzzy Hash: 247d378b182f3bbfe0c90d25e5ac8c17d6b8248623f60c57935e0f3f01f09c9f
                                                • Instruction Fuzzy Hash: F1319C74904268DFEB61CB64D844FD9B7B6BB49304F4084E9E91DA7240DB755ECADF00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: T
                                                • API String ID: 0-3187964512
                                                • Opcode ID: 740dd3050576b5f67d7f603acc27634f0a42013b0b6c05ab8630c0e79adc9ab6
                                                • Instruction ID: 3f075cd30ec829d1da47781ce353568e8c0c587000d11ae9a592b7deffcdabf4
                                                • Opcode Fuzzy Hash: 740dd3050576b5f67d7f603acc27634f0a42013b0b6c05ab8630c0e79adc9ab6
                                                • Instruction Fuzzy Hash: 1521D678909268CFDB65CB24C8989D9BBF1FB49304F0480D9E849A7355CB359E85DF60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 8bq
                                                • API String ID: 0-187764589
                                                • Opcode ID: 9843a510fc434827fc46597e2c83884d463d912b4f932f23f4699e4d216aabca
                                                • Instruction ID: 115170415f401c33deba7bc3fa6747e8796420b1956977efd07bad14e4d5300e
                                                • Opcode Fuzzy Hash: 9843a510fc434827fc46597e2c83884d463d912b4f932f23f4699e4d216aabca
                                                • Instruction Fuzzy Hash: 41017134A04245EFCB049B7DD5445ACBBB1FF85304B0481EAD84697A65CB30AD859B45
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,
                                                • API String ID: 0-3772416878
                                                • Opcode ID: 2374d9a1c30b54ab9534ff686a54d106edfba32ae973bce179fa01204f5936fb
                                                • Instruction ID: 0d4e3e1e86e41f99e8a0ae6153044774456fc97eefefa9f5bfdc3704be042d5a
                                                • Opcode Fuzzy Hash: 2374d9a1c30b54ab9534ff686a54d106edfba32ae973bce179fa01204f5936fb
                                                • Instruction Fuzzy Hash: DA119C74A012689FDB64DF24E894BDCBBF2BB49310F2084A9E909A7240CB316E85CF00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ;
                                                • API String ID: 0-1661535913
                                                • Opcode ID: db7f12fbf1abfc103f04d42d1ba730120cdbe13ba879080ae5508bdce06c9e5b
                                                • Instruction ID: 8f32fb2102a0201b0d044cd94287d305f7ae7e9a77fd2559adb7a6563fcd0785
                                                • Opcode Fuzzy Hash: db7f12fbf1abfc103f04d42d1ba730120cdbe13ba879080ae5508bdce06c9e5b
                                                • Instruction Fuzzy Hash: 72119B74941268CFEB61CF24D894FDDBBB6BB09310F1044EAE909A6290C7769EC5CF00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,
                                                • API String ID: 0-3772416878
                                                • Opcode ID: e094da5570aa99963c63d9dbc1634327f0d59c5656452b22cf77cfe00d3639a7
                                                • Instruction ID: 1afd87b195e640062eac023b0a3146f8d7c284c36e1a9670f34959f43f461f58
                                                • Opcode Fuzzy Hash: e094da5570aa99963c63d9dbc1634327f0d59c5656452b22cf77cfe00d3639a7
                                                • Instruction Fuzzy Hash: 36118A78901268DFEB60DF54D994FECBBB6BB49310F1084A9E909A6240C7355E85CF40
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Te^q
                                                • API String ID: 0-671973202
                                                • Opcode ID: d3a4108cfdf5024ea02349810ad120bdd8c48d3122c01596a307f21d7de9b6f7
                                                • Instruction ID: 6864d7298eb4697f5d54548297b12a66edc36511db6f39495a13e6fa00f8ad4b
                                                • Opcode Fuzzy Hash: d3a4108cfdf5024ea02349810ad120bdd8c48d3122c01596a307f21d7de9b6f7
                                                • Instruction Fuzzy Hash: F30184B4A00318CFDB50DFA8D884B9DB7B2FB49315F10419AE549A7344CB345D85CF91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: >
                                                • API String ID: 0-325317158
                                                • Opcode ID: bb90cb7d6eedbf632dc4f46235473a0e30b7a5b1d06ac36ecd30914693428269
                                                • Instruction ID: dad511e42a02efb6bd969a91e6038ac86760780392a6848b6bfcf92d1047ce30
                                                • Opcode Fuzzy Hash: bb90cb7d6eedbf632dc4f46235473a0e30b7a5b1d06ac36ecd30914693428269
                                                • Instruction Fuzzy Hash: 2FF0CF74901129CBCBA4DF10D884FEDB7B6BB48310F1184AA881AA7280DB319ECACF05
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 109a6ac4599b009628481d7ace5de84d67ef7d47b0fa0b15406552672c447487
                                                • Instruction ID: 07f11a96929be8cf668041f7d804594cca9be707f2f105f92384575b9888de6a
                                                • Opcode Fuzzy Hash: 109a6ac4599b009628481d7ace5de84d67ef7d47b0fa0b15406552672c447487
                                                • Instruction Fuzzy Hash: 63E0C239905268CFEF20DF21D884FDDBBB5AB06314F5084A5D809A2250C3359A86CF01
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: 8ea973c9aad246e219a209d87bfde39b83f033d69426e44049f7a08b312619d1
                                                • Instruction ID: dfd2de94d912a12608b8674a11063ae22309b6d8dc3e8ddd5dee24f0ba7a9fe1
                                                • Opcode Fuzzy Hash: 8ea973c9aad246e219a209d87bfde39b83f033d69426e44049f7a08b312619d1
                                                • Instruction Fuzzy Hash: 74E0EC35604618DFDF11DB54DC48FAAB7B6FB49300F1480C4E60D6B254C7365D859F50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                • Opcode ID: f52fb28df9a977cc826be7baaa011b4a27378a2d814cd0357936f681066ac832
                                                • Instruction ID: 814fc76ca0d8896bd997ecfc4e23b49a8fbcaa873a1d4202a32d199d75f2bd71
                                                • Opcode Fuzzy Hash: f52fb28df9a977cc826be7baaa011b4a27378a2d814cd0357936f681066ac832
                                                • Instruction Fuzzy Hash: 56E0BD79904228CFDF25DF60D908BD8BBB6BB08345F0085E68A1962251C3B84B89CF00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: T
                                                • API String ID: 0-3187964512
                                                • Opcode ID: ea9c46cbe19f299e05b2c4e7082236dcef5d0628812db1f5adcecd85c652a57f
                                                • Instruction ID: d6db22dabf4c6294f69eaffea47d378621d5946873762daa436a163244c03b46
                                                • Opcode Fuzzy Hash: ea9c46cbe19f299e05b2c4e7082236dcef5d0628812db1f5adcecd85c652a57f
                                                • Instruction Fuzzy Hash: 45D06774911619CFCB20CF54CC8869EB7B1BF49305F1001D9C50CA2350CB715E85CF44
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: L
                                                • API String ID: 0-2909332022
                                                • Opcode ID: 30cd1b581cd8ce1d4e14ca0f6bbe2cf43602689f8dba8dbf194afc0c2a6c3967
                                                • Instruction ID: fcd643a14ffc24152372c40663d3fc35567fab6700bfa073cf30111106f83640
                                                • Opcode Fuzzy Hash: 30cd1b581cd8ce1d4e14ca0f6bbe2cf43602689f8dba8dbf194afc0c2a6c3967
                                                • Instruction Fuzzy Hash: FAD052B4C42008CFDB40CF40C844AADBBF0AF08200F10808A9448B3320CE30AE41CF84
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: adb609569c8702964dd80a785da28b3e0183daf45e2393e832fdcc23fb055761
                                                • Instruction ID: 1cd7ca8ee7f95706e1f6fdd1c64046aa3c0686d98c207b770dfc525223a24c1d
                                                • Opcode Fuzzy Hash: adb609569c8702964dd80a785da28b3e0183daf45e2393e832fdcc23fb055761
                                                • Instruction Fuzzy Hash: 8F12E734B002198FDB14EF64C998A9DBBB2BF89300F5185A8D94AAB755DF70ED85CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 70184d0b65d7f10c239f285e8ad4cf3b7f7d8dc1a8de7fb8bf51039cb28a7c72
                                                • Instruction ID: c58e9d4e81b630df842bac312f26614f810c071e6b82b8581eea98b2acfab6b0
                                                • Opcode Fuzzy Hash: 70184d0b65d7f10c239f285e8ad4cf3b7f7d8dc1a8de7fb8bf51039cb28a7c72
                                                • Instruction Fuzzy Hash: F8A10D34B002198FDB14DF24C898B99BBB2BF89300F5185A8E94AAB395DF74DD85CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 859bf0a128a8d55572607e4d6f106ddc74bc09b79b6fa373e060c65ef6d535ad
                                                • Instruction ID: d90ec37c8dd65b0ee4386804790a3aeb3ccaeab4b0967ac555a8ddfe627ed29d
                                                • Opcode Fuzzy Hash: 859bf0a128a8d55572607e4d6f106ddc74bc09b79b6fa373e060c65ef6d535ad
                                                • Instruction Fuzzy Hash: 739148347502159FDB05EF68D898AADBBB6FF88700F1040A9E906DB3A1DB34ED41CB94
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bb5aafb3a7c20474c556999d042bcc706f7571e8c12dc7b603766f24747d7f8b
                                                • Instruction ID: ebdff40d0b4ed4bf6c0ae4c4b310231c5f81f4d6480a6791d1e1aa3509f36a2c
                                                • Opcode Fuzzy Hash: bb5aafb3a7c20474c556999d042bcc706f7571e8c12dc7b603766f24747d7f8b
                                                • Instruction Fuzzy Hash: 46815A35A01308DFCB14DFA4D5A5AADBBF2FF88322F258069E8119B391DB75D941CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5855a5c506a143e6200939cc613ae5b68df3f440a8e91d8df4d96c18ec59613c
                                                • Instruction ID: 72fc12220a06389f970538811858b2eee71681016cd22b47a403f855ad97c2f7
                                                • Opcode Fuzzy Hash: 5855a5c506a143e6200939cc613ae5b68df3f440a8e91d8df4d96c18ec59613c
                                                • Instruction Fuzzy Hash: AB8106B5A002198FCB14DF68C58499EBBF5FF88310B1985A9E916DB370DB30ED42CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c28afe17c31d607b0a119bb18d9d7d910a5fbd55d69bdbeb486a03658be44809
                                                • Instruction ID: 9d84a44601d10e92091525e33fe6ec2affe234a6df3d1276aad0c7b54a18518e
                                                • Opcode Fuzzy Hash: c28afe17c31d607b0a119bb18d9d7d910a5fbd55d69bdbeb486a03658be44809
                                                • Instruction Fuzzy Hash: D771C5717053508FEB2B9B68C458A39BFE3BBC5310B598559D89ACF292CB35D881C788
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1c7220c7667ded7c274666ea7f85d373f86e97af04ebafc48ea120f451444ded
                                                • Instruction ID: 61c7786f93575b8a1ebfed005f4f4b40de824266a846e6b7fa4cb88c7dc2d30e
                                                • Opcode Fuzzy Hash: 1c7220c7667ded7c274666ea7f85d373f86e97af04ebafc48ea120f451444ded
                                                • Instruction Fuzzy Hash: 1C719D31A082658FDB19CBACC8905ADFBF1FB48300B1DC6AAD456EB252C734ED45DB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 548ed20f8107bc455d869d5d693effba3e6b7cb75542cb7fe75ee54ff8500df3
                                                • Instruction ID: 4215e554bea2c0fa7df1b18b08d46deded720c298cc54a83762458bf1aa5f1b2
                                                • Opcode Fuzzy Hash: 548ed20f8107bc455d869d5d693effba3e6b7cb75542cb7fe75ee54ff8500df3
                                                • Instruction Fuzzy Hash: 5C41F774A01328CFEB64DB28C991FA9B7B2BB48311F1041D9E909AB391C631ED81CF94
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 88ce44590931efb64c98b0effb91e8165647bb2b15d17f513f08993d885dce40
                                                • Instruction ID: 1ee59c0dc55a56f3e768c9d2a4245d6867a66f425f511bcabdf2ea87ca2c1e3f
                                                • Opcode Fuzzy Hash: 88ce44590931efb64c98b0effb91e8165647bb2b15d17f513f08993d885dce40
                                                • Instruction Fuzzy Hash: 5F311C35A101199BDB14DBA5D855AEEBBB6FF8C311F108025E806B7390CB359D05CBA4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ca14dfb3f97ab59868543480f0c99a338078b81ce772d64b577171ce7a9f6236
                                                • Instruction ID: a1ecb34c1bd504b5669caaeebc4f930e947a0b3fe7c7c03cb66333d945547408
                                                • Opcode Fuzzy Hash: ca14dfb3f97ab59868543480f0c99a338078b81ce772d64b577171ce7a9f6236
                                                • Instruction Fuzzy Hash: 6B310078E01309CFCF04CFA9D884AEEBBF2BB5A311F04806AE425A7250D7755944CF90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cb6949edb9b8afd0fcd0fd187f9484f92d1e2170e7d153a77db25dd2b49f6e3d
                                                • Instruction ID: 0b650a6637a5c3ea93609cb48b711de5dc994c48aa12487fe6f3d5d67845972b
                                                • Opcode Fuzzy Hash: cb6949edb9b8afd0fcd0fd187f9484f92d1e2170e7d153a77db25dd2b49f6e3d
                                                • Instruction Fuzzy Hash: 963102B8E04209DBDB08DFAAD8446EEBBF6FB8E301F10C469D519A3354D73899458F90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 21d3a10d52a701af40c323ae768c91dfc5750639f6a6644aee172ca4f1095c28
                                                • Instruction ID: aa27b55f9eb76427259d00e0622591d585a16fd6c854495abddebe69a0009cf1
                                                • Opcode Fuzzy Hash: 21d3a10d52a701af40c323ae768c91dfc5750639f6a6644aee172ca4f1095c28
                                                • Instruction Fuzzy Hash: 6A31E774A11328CFEB64DB14C991FA9B7B2BB48311F1041D9E909AB3D1C631ED81CF94
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cd2d1c1efc555f29c7cc445f63de128bebcf6000da0796afe2ed11ee9df0c211
                                                • Instruction ID: c8676d0f044200f0802d46662df2de1d3b53229496bb02c05c61bc671b8000a4
                                                • Opcode Fuzzy Hash: cd2d1c1efc555f29c7cc445f63de128bebcf6000da0796afe2ed11ee9df0c211
                                                • Instruction Fuzzy Hash: 46314735701701DFC725AF34D85856ABBB3EF85315B14896DE8428B7A1CB36E84ACB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c26a9cccfeac9f43d793ad62fb8e07f35e3cda79e883441e4522e252ad9cbd4c
                                                • Instruction ID: 792dce864df3fb9738311bf0f279bc3af728cbbabb7b3f58ad11df6527a298cb
                                                • Opcode Fuzzy Hash: c26a9cccfeac9f43d793ad62fb8e07f35e3cda79e883441e4522e252ad9cbd4c
                                                • Instruction Fuzzy Hash: E44104B4D0226DCFDB14DFA5C95479DBBF2BF86300F1884A9C209AB264DB749E84CB11
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ccddb66c4336150479a28d6947f7f94937578b08bd17c5dd9cd65a3cfee77b08
                                                • Instruction ID: 3a4cdd2f8b31b8143a3e7d28cefd7f7c5356d23e40a9fbc551a545f5825f0249
                                                • Opcode Fuzzy Hash: ccddb66c4336150479a28d6947f7f94937578b08bd17c5dd9cd65a3cfee77b08
                                                • Instruction Fuzzy Hash: 67310D74E00309CFCF04CFA9D844AEEBBF6BB9A311F04906AE429A7290D7765944CF90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 01ffa7d09bcc6311510bdbf53fa92ca3fb96d1af8116a0bb8bbfce32893b30c2
                                                • Instruction ID: 81605e5d25fa5a8bdb4de430de8fa408c93dcc1700dc7feb66752ca66fddd181
                                                • Opcode Fuzzy Hash: 01ffa7d09bcc6311510bdbf53fa92ca3fb96d1af8116a0bb8bbfce32893b30c2
                                                • Instruction Fuzzy Hash: E0313475E002089FDB09DFA8D8995EEBBF6FF88310F00846AE411A7364EB355945CFA1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ca39607788625409e6e747eae57e1cbdba744a08e539cc903a146f61362a6ccb
                                                • Instruction ID: 25b527ce0a935135acb1bccdcf885999a93a50043bc8cbd0eb20416122fa5d9c
                                                • Opcode Fuzzy Hash: ca39607788625409e6e747eae57e1cbdba744a08e539cc903a146f61362a6ccb
                                                • Instruction Fuzzy Hash: 3D21E2B6A04108DFCB19DFA8D8849DEBBF9FF88310F05417AE505DB661DB30A905CB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f8a4f40c3372090e84480a93a55a662fdd34fb0a937be6b7499b123f222a763
                                                • Instruction ID: c22acef7847d3b7ec39ceda2623034213eed6fddb7f2fe5b96ceda33b3ffe67f
                                                • Opcode Fuzzy Hash: 4f8a4f40c3372090e84480a93a55a662fdd34fb0a937be6b7499b123f222a763
                                                • Instruction Fuzzy Hash: F92130323052508FCB16AB64D820AAE7BB6BFC9220F2084ABD505CB392DB359C02C795
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 29e41429a26070ff0317d0238268ba1cf40ac62efa0f79a648f97f9ba64a53b2
                                                • Instruction ID: e833c4155d579e6f97dcb90095077097c5035f6726856969c90356b79f944bef
                                                • Opcode Fuzzy Hash: 29e41429a26070ff0317d0238268ba1cf40ac62efa0f79a648f97f9ba64a53b2
                                                • Instruction Fuzzy Hash: 64314BB0E1424A8FCB14DFA9C4445FEF7F9BF89210F048629C619A73A5DB309945CF91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a3310aef7527215f18b89124cac9e526282f64ef591a4471f2b1662735462838
                                                • Instruction ID: f0c80d843f1b601f310ee7f490d85b0e5580ce68c75da49bf5dbbbb5aa9f4630
                                                • Opcode Fuzzy Hash: a3310aef7527215f18b89124cac9e526282f64ef591a4471f2b1662735462838
                                                • Instruction Fuzzy Hash: 23219C30B0060ACFCB01EF68D5449AEBBB5FF89300F1046AAD9059B364EB349A46CBD5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a5d059fec5ab925f56b925922951e1ea39f13877958af2aaf8e229c0a1b5921f
                                                • Instruction ID: 2857acb6bb4be9312220e0915ca57380c7f41a86c4f20d97ad9a3457a6767fea
                                                • Opcode Fuzzy Hash: a5d059fec5ab925f56b925922951e1ea39f13877958af2aaf8e229c0a1b5921f
                                                • Instruction Fuzzy Hash: E3215A71A08511CFCB5CDB68C484B6EB7F4FB88B14B11C2FAE40ADB221D7209C619B82
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c422778bd3e490294e02df7e765297ea5420d1cc739c26f59b024f5de9af34bf
                                                • Instruction ID: 0cb93a5436291e7c4e2c2f5d484cafb8f7a19cf0f29ca35c6bde1b8b9899d6cc
                                                • Opcode Fuzzy Hash: c422778bd3e490294e02df7e765297ea5420d1cc739c26f59b024f5de9af34bf
                                                • Instruction Fuzzy Hash: 5D218035E08214CBCB1CDB6CE9446E97BB1FB44311F0082A6E506EB651E734BDC8EB95
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9e0871916d020c170b5d9f30faec250726a6cbb8634be79dd08123ffc6a1dcdd
                                                • Instruction ID: 955b0b3900d7b34461191d898fe7bb0d80b550b6770f7e45571aaad80eabcfb0
                                                • Opcode Fuzzy Hash: 9e0871916d020c170b5d9f30faec250726a6cbb8634be79dd08123ffc6a1dcdd
                                                • Instruction Fuzzy Hash: 5A314474D00209CFDB08CFA9C684AADBBF5FF89300F10D5A9D505A7222EB789A80DF55
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7a8f27be7b326ca3110ce77b9392dd502a0d82063ea5836a362e593bcc3bd87d
                                                • Instruction ID: c4a19632ed5fcba0ddd7f09ddfb0d0241ffece9d63ce6f07995b1a08d7225a21
                                                • Opcode Fuzzy Hash: 7a8f27be7b326ca3110ce77b9392dd502a0d82063ea5836a362e593bcc3bd87d
                                                • Instruction Fuzzy Hash: D3217674B00A0ACFCB00EF68D5549AEBBB5FFC9700B10456AD506A7364EF34AA46CB95
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 410750aab6eeaf6938fc23003d8fa511885b65d5bde38cc1e46335c6cd1236aa
                                                • Instruction ID: a90485be5254eee00158deac764e223184b250f9f1c27c66f93cabb26e89d070
                                                • Opcode Fuzzy Hash: 410750aab6eeaf6938fc23003d8fa511885b65d5bde38cc1e46335c6cd1236aa
                                                • Instruction Fuzzy Hash: 1A21E6B4E0420DDBEB08DFADC9487EEBAF6FB89300F10C56AD105E3244EB7849459B55
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 54f9cfc687d3c3092d3e792ccd9df64aed015e62103b73d1320e4537055cd71c
                                                • Instruction ID: 23f3b67a77b9be56a8d54afcc9799f335ecdde0c98faace4e20e6053a5203cf0
                                                • Opcode Fuzzy Hash: 54f9cfc687d3c3092d3e792ccd9df64aed015e62103b73d1320e4537055cd71c
                                                • Instruction Fuzzy Hash: 0221BC74A00305CFDB14CFA5C8846AEBBF2FF88751F01806AD846E7361D735980ACB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 77593a8a7c6c14cc3f7e8528b586a5bd0d0afe5460cc4c8707e97b925806e0e9
                                                • Instruction ID: f39760b4e1235199ab0e706549538462aee47314f0dd40b17c84b27953d066e0
                                                • Opcode Fuzzy Hash: 77593a8a7c6c14cc3f7e8528b586a5bd0d0afe5460cc4c8707e97b925806e0e9
                                                • Instruction Fuzzy Hash: 0C211836601145DFDB05CFA9E888DA9BFB2FF49320B0640A9F6059B272D731ED15DB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9efd33a08a49fb4255278e2a1b9e129cc65f692179a97c915b8c48dbf1a3f42
                                                • Instruction ID: 67d707c17eabd0de351a1810e8df165c949fb538b67b77d84578cb4e74896917
                                                • Opcode Fuzzy Hash: a9efd33a08a49fb4255278e2a1b9e129cc65f692179a97c915b8c48dbf1a3f42
                                                • Instruction Fuzzy Hash: 9A215971A00309DFDB50DFB8C904BAEBBF6AB44341F14806AD519DB290E739DA85CB92
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038552385.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1afd000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 27bfe4fc6944291f074f22319c57e3539fe1d0ec25e9ea8bf556ba7549ba2f1e
                                                • Instruction ID: 32af0691e5e020d915e6f4b9025b5c1d6beba7632b1bc60b565bbfc59b017cbc
                                                • Opcode Fuzzy Hash: 27bfe4fc6944291f074f22319c57e3539fe1d0ec25e9ea8bf556ba7549ba2f1e
                                                • Instruction Fuzzy Hash: 24212571104240DFDB12DF98D9C4B2ABF65FB84364F24C56DFA0A4B246C336D446C6A2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 304313a20e4f9c33818d606907cdfd535fd3350ebe76b456333ea8b6b26a8876
                                                • Instruction ID: f4bd09c1f38a1fc9928f557256f375961f645a65c55fac684a7d967852b6e132
                                                • Opcode Fuzzy Hash: 304313a20e4f9c33818d606907cdfd535fd3350ebe76b456333ea8b6b26a8876
                                                • Instruction Fuzzy Hash: F8315CB4D01208DFEB48EFA8D6487EEBBF1FB49304F10C1A9D205A3241D7788A84DB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bad99705cf7bd882aeade8f0b344c4adb2402eccfb128e06f8e27c6078144b8f
                                                • Instruction ID: 1a4e31278648b502d66f0650d29a3d79dc6229b8a6448ab381a15017c987a7d5
                                                • Opcode Fuzzy Hash: bad99705cf7bd882aeade8f0b344c4adb2402eccfb128e06f8e27c6078144b8f
                                                • Instruction Fuzzy Hash: FB115E70D08205DFC72CDB6CD554AA97BF2FB44300F1086A9E402AB261E779ADC4EB95
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1218b45096d117d95d8dfc99d3fb8786c425ee43a6289831dff608b74e6048aa
                                                • Instruction ID: 8ec3ed7c77d0d3d44fe9bd0a41352ecdadc19e041ab91c7c0ee6293b16542f12
                                                • Opcode Fuzzy Hash: 1218b45096d117d95d8dfc99d3fb8786c425ee43a6289831dff608b74e6048aa
                                                • Instruction Fuzzy Hash: 3401A5313042509FD7269A349494A6A7FA2FBC9214F044569E5464B7D1CB75D843DB84
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76474459a39fa366dccbe16f82d4d4e64b1e2bba136affeb11d19be95b250e33
                                                • Instruction ID: ccb9ee147f9cd3a7dcbcd56f8aa6371f373b21ae4196556d09b2b03fcb19f08c
                                                • Opcode Fuzzy Hash: 76474459a39fa366dccbe16f82d4d4e64b1e2bba136affeb11d19be95b250e33
                                                • Instruction Fuzzy Hash: 1101447A340315BFDB109F59DC95FAA77E9FB89721F108066FA15CB290C6B1D8118B90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f5a09e1104e69b68ec5e3b1a6da29a101a460ffd2a8f72bb95991c0787e09de
                                                • Instruction ID: 696138e762af629b51d57798ecb2f3dd36fed1bc6007d67f1feb7ff9a1f82e3f
                                                • Opcode Fuzzy Hash: 2f5a09e1104e69b68ec5e3b1a6da29a101a460ffd2a8f72bb95991c0787e09de
                                                • Instruction Fuzzy Hash: DA01047AA40104DFCB058F94DA44C58BBB2FF8832170680A5EA0A9F236D732EC56DB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6db7bd85b47fe5062b03a58439ea58fcfeac34bcdfdfbb74f88aada51ae34f26
                                                • Instruction ID: f76d1fbd3d49837083bee6613337a0c46b878394419b22696f5ea7eba058c24a
                                                • Opcode Fuzzy Hash: 6db7bd85b47fe5062b03a58439ea58fcfeac34bcdfdfbb74f88aada51ae34f26
                                                • Instruction Fuzzy Hash: B801B13A10E3819FD7239B249C608D9BF72BF8222071881EBE5408B693C3319D55C792
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c4876dece9d61099e2c7cde8a3a9ff09fbe53623b18dfb3d319adb0b9e7214b0
                                                • Instruction ID: 510b010980322d7d2562f9387799794483d125f6612b013e7a017bbe67ac198f
                                                • Opcode Fuzzy Hash: c4876dece9d61099e2c7cde8a3a9ff09fbe53623b18dfb3d319adb0b9e7214b0
                                                • Instruction Fuzzy Hash: B5115235600B01CFDB358F61E8583627BF1FF44315F1089ADE48786AA5DB79E886EB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e0ee62291fd97c11780f57c1adfbc9820b1f1f58ea92622628c8165d79fba40e
                                                • Instruction ID: 6a08c20a197cd39860d86b9adcb8ca7d277979d567b723dfa6557d418224a855
                                                • Opcode Fuzzy Hash: e0ee62291fd97c11780f57c1adfbc9820b1f1f58ea92622628c8165d79fba40e
                                                • Instruction Fuzzy Hash: B3115BB4E0520A8FCB55CFB9D5512AEBFF5BF49300F1885AAD008E7251DB344681CB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ced663e3c6ad3a0a0ec1344258d1335c104d131100046369cb765a9d1e9edf73
                                                • Instruction ID: bc512645e9846d9f6f6fd47f8dcc563a63f4d7d3b33ad140f43343f20c152508
                                                • Opcode Fuzzy Hash: ced663e3c6ad3a0a0ec1344258d1335c104d131100046369cb765a9d1e9edf73
                                                • Instruction Fuzzy Hash: C2018CB4E1520AEFCB41EFE8D40069DBBF4FF49200F1480AAD908D72A1DB359A15DB81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 75098d29e4f4db918345ab42cec937a10d2118ca04978da14b77517da4e04b36
                                                • Instruction ID: 7adc6cc687552e68ef4c3495f6d6ef5eef4e14d2dc5628361efdc4d21d27cca9
                                                • Opcode Fuzzy Hash: 75098d29e4f4db918345ab42cec937a10d2118ca04978da14b77517da4e04b36
                                                • Instruction Fuzzy Hash: 0201DE353016149FC7169B34E45499ABFA2FFC9311710816AE9098B390DF35EC42CBD0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bbc481cb8a567a7a84b2bfc51f43c319f047eb7061d78a7bf6d72a640423eade
                                                • Instruction ID: 0f053c6cedd227bfc90aae3cba5316c5d857660e1db043c3c760ea8c75b973dc
                                                • Opcode Fuzzy Hash: bbc481cb8a567a7a84b2bfc51f43c319f047eb7061d78a7bf6d72a640423eade
                                                • Instruction Fuzzy Hash: 7E11037198422DDFDB64CF25CD81FE9B7FABB45310F4080E6A609A7250EA309A86CF50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5cfcf385cbc9a43d34c68fb0bed0196c2c07ab92e2cae95fe82e40fd294b2649
                                                • Instruction ID: f19cd783c9a77fc22eb286e5f6d72f7046e14d0f30d51f81658e5cf015859077
                                                • Opcode Fuzzy Hash: 5cfcf385cbc9a43d34c68fb0bed0196c2c07ab92e2cae95fe82e40fd294b2649
                                                • Instruction Fuzzy Hash: 2C21C5B8A41229CFDB64DF24D984B9ABBB2FB89305F1045E9D40DA7350DB359E94CF01
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9e40fe82a8e9386d7b5814f8b414e1ef5ca89fdea0b815304ab7e4ac333135e
                                                • Instruction ID: b89a69aff09755aedf796742c7a73151f3b5681141d01898f0b348a27089a685
                                                • Opcode Fuzzy Hash: a9e40fe82a8e9386d7b5814f8b414e1ef5ca89fdea0b815304ab7e4ac333135e
                                                • Instruction Fuzzy Hash: BA01D231E042189FCB01DFA8D5084DEBFF4FF89310B00816AD415E7310E7349A05CBA1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 08310d0a0372efb66ef0ea42396d653c61ed1a34ec7e6ffcf4e55885ff6c30d6
                                                • Instruction ID: 415a40a4822f53622881c8206bb0772a1d175fecc5bfb8c3f9b08880810d4524
                                                • Opcode Fuzzy Hash: 08310d0a0372efb66ef0ea42396d653c61ed1a34ec7e6ffcf4e55885ff6c30d6
                                                • Instruction Fuzzy Hash: F8111234D0070ADBDB149FA9D458799F7B2FF88310F10C619E495A7355DF709981CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 02c7ce3fd82d92f67752b121d2327c9f2d74fc7e6be3d055f27b23d9cd91d02e
                                                • Instruction ID: 78c2238464ea5273e8986f5bf6254ddfdb259241199b95dbcf26431bd9c6e990
                                                • Opcode Fuzzy Hash: 02c7ce3fd82d92f67752b121d2327c9f2d74fc7e6be3d055f27b23d9cd91d02e
                                                • Instruction Fuzzy Hash: A3F04476300215BFCB156E59AC84CAFBF9BFBCD261754843EFA0987350CA3188259790
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9aa295157607360029b669ab472e1b9becfb7937a6cbb7466aeecb8d5233ab64
                                                • Instruction ID: 9a80002a44c7b5d564b04907fb926f8ac78a30b022f76b0829f6cf3b60934d53
                                                • Opcode Fuzzy Hash: 9aa295157607360029b669ab472e1b9becfb7937a6cbb7466aeecb8d5233ab64
                                                • Instruction Fuzzy Hash: 53014C79E04208CBEB14CFA5D044FBDBAF6FF9A321F105029D81AA3251C7785886CF15
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2379512647c6b5058a5b4434dc251c00d4a1d13ca35be49adf2e650d799465e4
                                                • Instruction ID: ebb29db0ee8157bc4c95a7a5e094b337e6a31a8f540cb0064781baa7272cd775
                                                • Opcode Fuzzy Hash: 2379512647c6b5058a5b4434dc251c00d4a1d13ca35be49adf2e650d799465e4
                                                • Instruction Fuzzy Hash: 010152347002049FDB259A28D498A6B7FA3FBC9350F144568E9564B7D0CBB5EC42DB84
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a86d331c999ade0fd28896b2411d3cf4dda6cec41ff7f14322389d8cb5903e8
                                                • Instruction ID: 6b8a6063a18bfbd8026521d85ae792804be24fe62c6a6bfd98bc95006f66bc24
                                                • Opcode Fuzzy Hash: 4a86d331c999ade0fd28896b2411d3cf4dda6cec41ff7f14322389d8cb5903e8
                                                • Instruction Fuzzy Hash: E901D6713441509FE716AB34E8186AA3FA2BB9A300B0080BAE9058F6D1CB36CD82C7D5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1438cfc669e2ffa5606dcc631dd51635f9a85d5a4515c879063de8a50d367660
                                                • Instruction ID: a86880f38e5db05d2e0b62b62cae55c8167408ffec5b7df1fa81db0beba00d90
                                                • Opcode Fuzzy Hash: 1438cfc669e2ffa5606dcc631dd51635f9a85d5a4515c879063de8a50d367660
                                                • Instruction Fuzzy Hash: 2F1103B4911218CFDB24DFA4C8487A9B7F6BF89309F488094E10EAB265DB348E84CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6297eb69437aff2d00dc38d1b3e7c031f15ca37fa651464bd362883c9ac67a87
                                                • Instruction ID: 488ee3880288ca2707b4136a1d2ffe05ab3f117229a058420946878574790a33
                                                • Opcode Fuzzy Hash: 6297eb69437aff2d00dc38d1b3e7c031f15ca37fa651464bd362883c9ac67a87
                                                • Instruction Fuzzy Hash: 96F0A43A00E3C19FE72357249C608D57F71BF47250B0981D7E9908B663C2255D9AC792
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7168554417cf822afc1acde44454ef78eee8b12685f20ea2e023fffae59fb0cf
                                                • Instruction ID: 90b8b8796ee05a459b3f6536b670afdf3985312c7f7a6e81c28c17da5f54468a
                                                • Opcode Fuzzy Hash: 7168554417cf822afc1acde44454ef78eee8b12685f20ea2e023fffae59fb0cf
                                                • Instruction Fuzzy Hash: C6F06D2600E7C05EE7135778AD696D4BFB4BB07250B0E80D7E884CF1A3C21A5A99C7A2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0815ebfdea8decee285b09eb218f41967330ac1749df6fa207d4b9ed23fefff8
                                                • Instruction ID: 864584ee27d0bc15fa6fa3bf6325a6fdd908a974c851113c080f8855ebfce2c5
                                                • Opcode Fuzzy Hash: 0815ebfdea8decee285b09eb218f41967330ac1749df6fa207d4b9ed23fefff8
                                                • Instruction Fuzzy Hash: 74F0AF313001109BD7009A2AC894B6AF7DAFB88611B1080B9E609CB365DA31DC02C7E1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 85629a9d7c69e0845f9fe84672b73c75cf5722dda63f48fd1540143a9f84a626
                                                • Instruction ID: 651e1a8d3c76af95eaf0cd5c70a8dc1ac9471f129b226b769657720e97bee134
                                                • Opcode Fuzzy Hash: 85629a9d7c69e0845f9fe84672b73c75cf5722dda63f48fd1540143a9f84a626
                                                • Instruction Fuzzy Hash: FDF02831B093502FE31186589801F5ABFB6EBC9320F15446EE5049B3A5CA65AC41C7D0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2cfb1cf7de138496bad678e1cdb3780d8bde09fcac2a882fc3f383797f01ddec
                                                • Instruction ID: 9817a37166785e0f51851cc18392a3829b32622ea0f91f5f8eee5227c87e2464
                                                • Opcode Fuzzy Hash: 2cfb1cf7de138496bad678e1cdb3780d8bde09fcac2a882fc3f383797f01ddec
                                                • Instruction Fuzzy Hash: C4010835B00514CFCB08DF59D5989ADBBF2FF89614F158199D419EB360CB31AD468B81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ceafb2507ec8c110eb816c2e69336285c157266a5be41c845ed9358c843ce432
                                                • Instruction ID: a9461151a8e7496c712bb0bc75343c42832611e355ebcb36e495c676d021e532
                                                • Opcode Fuzzy Hash: ceafb2507ec8c110eb816c2e69336285c157266a5be41c845ed9358c843ce432
                                                • Instruction Fuzzy Hash: 8AF03AB4A0930ADFCB41DFA8D4411DCBBF0EF49210F1480AAD848DB361DB345A02DF81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8059f1be2a5c85ec9919835e93ffe37c21bc06553d18ba1fe7cc4cb8a46c79cc
                                                • Instruction ID: b2e44dfadb6c314f0fd180e1e0ad2d8f44c8cf4040f3e36f92200abf630ffa0e
                                                • Opcode Fuzzy Hash: 8059f1be2a5c85ec9919835e93ffe37c21bc06553d18ba1fe7cc4cb8a46c79cc
                                                • Instruction Fuzzy Hash: 4EF0E271E08308AFDB46CBA4D449ADDBFF6EF40210F14C0AAD045D3281DB384A85CB85
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 451be7bd5d968b1aab9fdc0f43611dfe51a5ff7ec523862a1b6af28db2e392ed
                                                • Instruction ID: 79b2ec980fc4a04452275ef5b1fd32d15846292a9ab86055006cc666f7bdce2d
                                                • Opcode Fuzzy Hash: 451be7bd5d968b1aab9fdc0f43611dfe51a5ff7ec523862a1b6af28db2e392ed
                                                • Instruction Fuzzy Hash: 080193B89042598FDB21DF54D8587AEB7B1FB49304F1085DAD60AA7344DB345E84DF50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9d53445670149441102cec32fd40774b7dd56dd0b6bd03c8dabef40921b7dc99
                                                • Instruction ID: bcda7f8ed116be04fcc97155b1a94a601d4556fa7269b5c7977d4d5e1c2b8f72
                                                • Opcode Fuzzy Hash: 9d53445670149441102cec32fd40774b7dd56dd0b6bd03c8dabef40921b7dc99
                                                • Instruction Fuzzy Hash: 3501CCB4A00218CFEB60CF58D884F99BBF2FB49360F508099E90AA7250DB749DC5CF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 51af8142405a69069c33230b2d93107bb22f3726580b39cf09919a7fff094a71
                                                • Instruction ID: 1173412e7f37c2a6f469ff17193d49ae4789f6f2b19668ac7af35495dd790d11
                                                • Opcode Fuzzy Hash: 51af8142405a69069c33230b2d93107bb22f3726580b39cf09919a7fff094a71
                                                • Instruction Fuzzy Hash: E4F0A730E492889FC702CFA8D8501ECBFB1FB46214F1485EFD88697292C6364E46CB81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 70643a4e16c0f04dc3cc6aecb8576421fb1598154a91634e0e713822fdd43a2e
                                                • Instruction ID: faf2c62378516a84b7bc80d12b9616595cc6e213c34750af3e521fe90e9dd47a
                                                • Opcode Fuzzy Hash: 70643a4e16c0f04dc3cc6aecb8576421fb1598154a91634e0e713822fdd43a2e
                                                • Instruction Fuzzy Hash: D7F03AB5E18209EFC744DFA8D4545DCBBB4EF09300F1080D6E84497365D7348A11CF81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eba7f955a8a0120eebc27e3a409d54bbd632766406e2b636975e16b0dfffebad
                                                • Instruction ID: 45d1d464b2d926a8e3559b1ff88db3077def95348fa4bd4f5d76ebb3658cf102
                                                • Opcode Fuzzy Hash: eba7f955a8a0120eebc27e3a409d54bbd632766406e2b636975e16b0dfffebad
                                                • Instruction Fuzzy Hash: 9001C0B8A01208CFEB20DF98E898B9DB7F2FB49305F1041AAE509A7344D7385D85CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1867f69fe3115f13b6753998c16ffd33f0c57fcd5cf1de1247ded72b013e377f
                                                • Instruction ID: 149f9d2ee0bc7df77f53adfdf2220c03e1cfd9854b380b6030c4a801635b59c0
                                                • Opcode Fuzzy Hash: 1867f69fe3115f13b6753998c16ffd33f0c57fcd5cf1de1247ded72b013e377f
                                                • Instruction Fuzzy Hash: EDF0ECB5D05308AFC750DFA8D4042ADBFB2EB48311F10C0ABD89897200D2368A41CF90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ed5c31bb315b894ca62d0ac3f3398f9a506b6fd114719047002e3a076a672330
                                                • Instruction ID: 5c75cd33edfc2fa8bf8d7475252276d1f62b464426f7d57a8fe0e30df10e7829
                                                • Opcode Fuzzy Hash: ed5c31bb315b894ca62d0ac3f3398f9a506b6fd114719047002e3a076a672330
                                                • Instruction Fuzzy Hash: 45F05874A0A348AFC781DFA8D8856DCBBF5EB49310F14C0EAE818E7352D6358A02CB41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1dff18c7bcfb6dfb24ff222f376c4d28ae3ed3be320d64da3c1903b0e69305dd
                                                • Instruction ID: 8cd1721949d1d0af064b781e4dca1d6b1dde7a11a9a9f28b735262fa83400630
                                                • Opcode Fuzzy Hash: 1dff18c7bcfb6dfb24ff222f376c4d28ae3ed3be320d64da3c1903b0e69305dd
                                                • Instruction Fuzzy Hash: 54F0F874E49388AFC781DBA8D85469CBFF1AF4A310F54C0DAD8589B352D6354A46CF42
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 843f19bcfdcddab060a33bfc33d0b5c910c1a7e19e987f1a168606867c3aa52d
                                                • Instruction ID: 3d966176ea2e5eb711c7a2c8732107a18db3c5a3fe7d4d1efddaa5721d769651
                                                • Opcode Fuzzy Hash: 843f19bcfdcddab060a33bfc33d0b5c910c1a7e19e987f1a168606867c3aa52d
                                                • Instruction Fuzzy Hash: 16F082B4E09348DFC751DFE8E4545ECBBB1AB05310F1081EED4949B351C6355941DF41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7f6aa85e7462a392818846c71cdf8af588fd2529349eb77cb2b579cdde62c847
                                                • Instruction ID: 03c9e4f01107d244654de79b151217bdd79f3f5ae6fd44a3a8861380ee6f661d
                                                • Opcode Fuzzy Hash: 7f6aa85e7462a392818846c71cdf8af588fd2529349eb77cb2b579cdde62c847
                                                • Instruction Fuzzy Hash: 20F08CBA804208AFCB40CF80E841AACBB75EB08310F109158EC0527351D6729A62EB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 99589cf14f8862bcdb7562d42fefe707c0f55e8d5d1174170687095063d37384
                                                • Instruction ID: fc81d66b145fac3ca72ab62ea4adaa6f219a6d29ef5ff5291a274bafea8bfcf7
                                                • Opcode Fuzzy Hash: 99589cf14f8862bcdb7562d42fefe707c0f55e8d5d1174170687095063d37384
                                                • Instruction Fuzzy Hash: 3AF058B4808208ABCB10CFD4D840EACBFF5EB48310F14C09AEC1452391D6368A62EB80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 17a77de4b268a98adec2a55171133cac93caa3ed7a0ee886e3bb3963e4fd1684
                                                • Instruction ID: 539b0595751b8de5db8084b683b8b30a34a0eb0ae138ff57094cedfe7a0c09cb
                                                • Opcode Fuzzy Hash: 17a77de4b268a98adec2a55171133cac93caa3ed7a0ee886e3bb3963e4fd1684
                                                • Instruction Fuzzy Hash: 37E09236F08052DBD71C26ED30185BAEB61AAF9261708C3F7E40BC264ADB7068C36791
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e29ffca00f0649e6c192325d4ffda8dddbed505820423e43998cc0be293de92f
                                                • Instruction ID: 438e188ccb7b2865127d85a22e8894f1a4ee46ef171f869b08e6846ede56b3c9
                                                • Opcode Fuzzy Hash: e29ffca00f0649e6c192325d4ffda8dddbed505820423e43998cc0be293de92f
                                                • Instruction Fuzzy Hash: 1EF08CB4D08209EFCB41CFA8D8446ECBFB1EF4A210F18C0EAE848973A1C6358A55DF41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a13f1b449a2f0efc58610e26e549f8fe96ce12f5d2df11bc1dd2276e7d7656a
                                                • Instruction ID: fbf6521d455e8dd4745f2f1d42238429a2c15d5a358b8fb5a0ae72d33c672b05
                                                • Opcode Fuzzy Hash: 4a13f1b449a2f0efc58610e26e549f8fe96ce12f5d2df11bc1dd2276e7d7656a
                                                • Instruction Fuzzy Hash: 18F0A074909248DFC702DFB4E8009ADBFB5AF46310F14829AD8405B252CA328A55CBA5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 982dd9ed4aea2a3c069cf2fcd02081d4b0c6ec7d3dd6e2b51b2dd528df262f3f
                                                • Instruction ID: 312e472aa576cf33eba71793d2a9e12c6016a5c9dd95a9540240a7ee5a18536a
                                                • Opcode Fuzzy Hash: 982dd9ed4aea2a3c069cf2fcd02081d4b0c6ec7d3dd6e2b51b2dd528df262f3f
                                                • Instruction Fuzzy Hash: 94F0E5B980C218AFC701DB94E851AE8BF749F06321F28839AE814972E1CB314E95DB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3e37a1ae7d103a29f7926bed0151e31dd74f80838b4654967aeaf2649ac5c073
                                                • Instruction ID: 9fde047883769b66eaaecba6b20debe81ff74bbae2dff0b7694c0f9b1d92f3e5
                                                • Opcode Fuzzy Hash: 3e37a1ae7d103a29f7926bed0151e31dd74f80838b4654967aeaf2649ac5c073
                                                • Instruction Fuzzy Hash: 11013978D11328CFDBA6CF24D894799BBF9AB09305F9091EAD80DA2240DB345B84CF45
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 82787742a8f0bc943620019bef04da437e4ad77fb617e65800fc427d719a5a8e
                                                • Instruction ID: f8d1ce1eba71f9025290acf79411225b46d47ba8f96585ce4fff4251e095d3db
                                                • Opcode Fuzzy Hash: 82787742a8f0bc943620019bef04da437e4ad77fb617e65800fc427d719a5a8e
                                                • Instruction Fuzzy Hash: 71E09235289354ABDB212B74DC417E13FA65F02236F1908FBE9859E683C662E841C762
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eda0e4266c2834e8960f8d690ee28c4580088c1fda36696f559aefeaa05212dd
                                                • Instruction ID: 3ca58c3ae19313072a45f3e1c9cb667048a56219b800223a8bf55dc18955b955
                                                • Opcode Fuzzy Hash: eda0e4266c2834e8960f8d690ee28c4580088c1fda36696f559aefeaa05212dd
                                                • Instruction Fuzzy Hash: 25F0E57850E2499FC705CBB4E8424ECBF75DF42310F1880DED44457292CE314986DBE1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 052356e0009471ecd22eb0953b6fee74dde4b7053097fe7031579a8973b285d0
                                                • Instruction ID: 1041249b5ff023fb49a3fe2cde91657f10d065f5f3ad165f2398dbeb3a461ff5
                                                • Opcode Fuzzy Hash: 052356e0009471ecd22eb0953b6fee74dde4b7053097fe7031579a8973b285d0
                                                • Instruction Fuzzy Hash: CDF08C7880420CABCB50CF94E444AACBFB5EB48210F10C1AAAC4452340D6358A52DF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4c97891ceb476df92218ae3fa16f0a8215a21dabb827e07aa2d6a7c035ba1cab
                                                • Instruction ID: 245204fbffee1419f968e9dc7162ecba173e57d198b0e0ed0f0fc2b4b4d7a569
                                                • Opcode Fuzzy Hash: 4c97891ceb476df92218ae3fa16f0a8215a21dabb827e07aa2d6a7c035ba1cab
                                                • Instruction Fuzzy Hash: 23F0A074C09248AFC704CBD4D400AACFFB5EB89310F14C2EEE84997782C6394A06CB51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b8b1d0527d5fda5c42b7935a295fc05fff6c482918d5c35e11744322a054200
                                                • Instruction ID: 1967481af340342e0ba2dc660a0adc19532b8cf87613d7f494b82ad02990786f
                                                • Opcode Fuzzy Hash: 8b8b1d0527d5fda5c42b7935a295fc05fff6c482918d5c35e11744322a054200
                                                • Instruction Fuzzy Hash: 25E022B8D0D2089BC710DFE4E8825ECBF78FB01210F1081AEDC0807242DA305A02CB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f6bcb3aff34af002c3fdab094f044de49f0c7edbe42f47e0ab79ceca730cb07a
                                                • Instruction ID: 7f2108f9c54244448c089b9c0dec59376015bc9496deccfc277f6c5fdb918955
                                                • Opcode Fuzzy Hash: f6bcb3aff34af002c3fdab094f044de49f0c7edbe42f47e0ab79ceca730cb07a
                                                • Instruction Fuzzy Hash: D7F05874D09248AFCB50DFA8E4542ACBBF4AB49220F1081AA982897381CA355A42EF81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3999fc137124531fd602ea9863c6f32549a45ceabe3162becfb98917861b038f
                                                • Instruction ID: 386cc8253fa7284433bf71a7c73504cc5629efc9f4496be106b53a52653fec48
                                                • Opcode Fuzzy Hash: 3999fc137124531fd602ea9863c6f32549a45ceabe3162becfb98917861b038f
                                                • Instruction Fuzzy Hash: B6F01CB4E04208EFCB80DFE9D850AADBBF8EF49310F14C49AA958D7351D6399A11DF51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3d85c0b28713f04c49d2ecd7c25e35a080f634e445fb7bd669682ebfedaf592d
                                                • Instruction ID: 9aab43e5dae46861bb2dbd001ce010aeb41e03dabb38bcf2830e4911a48366ba
                                                • Opcode Fuzzy Hash: 3d85c0b28713f04c49d2ecd7c25e35a080f634e445fb7bd669682ebfedaf592d
                                                • Instruction Fuzzy Hash: B7E09270706144AFC701EBA8D944AE87FF2EF89304B1141EAD448CB716CA310E058B51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 63e17c77cf13ca46e46d7472b4dca272df467daa80bba8d8ed9db9dd0c96003f
                                                • Instruction ID: a7c7e5b532e6edfd6dc955a26b1f42ec0b2ffbaf72651424b63a205e8b7b2b52
                                                • Opcode Fuzzy Hash: 63e17c77cf13ca46e46d7472b4dca272df467daa80bba8d8ed9db9dd0c96003f
                                                • Instruction Fuzzy Hash: 06E048B8944108EBC744DBD4E945FDDB7BDFB45314F149099980857340CA755A46CB51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ad1915baf29fd5d1cdd493ad1f1b8593a333b47e6211c0845bb03284cb920112
                                                • Instruction ID: 00f478c76103a8d70864281f4f1e8276c55bcea9fa77ae0ff3b221f2e69a2ae0
                                                • Opcode Fuzzy Hash: ad1915baf29fd5d1cdd493ad1f1b8593a333b47e6211c0845bb03284cb920112
                                                • Instruction Fuzzy Hash: FFF0F274904208EBCB04CF98D8409ADBBB5EB48310F10C0A9EC1862250C7329A22EF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 88260cfec14f29569383bbe7afc18efaa2b851df0166937d758b25455a2a8ab4
                                                • Instruction ID: cb3cd962a2821036b33aaa11edb5a4112b3c5954183ad06a788af68cc65a2060
                                                • Opcode Fuzzy Hash: 88260cfec14f29569383bbe7afc18efaa2b851df0166937d758b25455a2a8ab4
                                                • Instruction Fuzzy Hash: BDE08C3530D2A20FDB13C239B9114DB7FE1AF8511431646BBE489CB246DA20DC4A83E1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 79249f4ab430c72c3e956b4be7e192fbd871e1d5bdfb018aff73ba6888fd0bd9
                                                • Instruction ID: 8543b4dd88f587352b5236ef53038a9426ed50459b1c8937ba809f28d748d358
                                                • Opcode Fuzzy Hash: 79249f4ab430c72c3e956b4be7e192fbd871e1d5bdfb018aff73ba6888fd0bd9
                                                • Instruction Fuzzy Hash: 51F0A578E05208EFCB84DFECD444AACBBB5EB48310F10C1AAA818A3351D7359A51EF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5d1020f52a1390744c0ad33c349214c1f3e91444cd0197583d9a6bf80ce1d3e1
                                                • Instruction ID: 4a9e5363d390d46f0b6fee3998853fa58aed89f1ddd6373baa2f93ccfc8c1a6d
                                                • Opcode Fuzzy Hash: 5d1020f52a1390744c0ad33c349214c1f3e91444cd0197583d9a6bf80ce1d3e1
                                                • Instruction Fuzzy Hash: C3F09878D10248DFDB08DFE9E494AADBBF2FF49310F218069E505A7255DB345849DF00
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4b4bfb7ca532cf57abb94241672632b6851a7f9b885b7a1325bb7c83ab9bf73f
                                                • Instruction ID: d6b3450913e9d53a81ea69e12a03d0a88aa7b89ba3145a380b852395d0da0df0
                                                • Opcode Fuzzy Hash: 4b4bfb7ca532cf57abb94241672632b6851a7f9b885b7a1325bb7c83ab9bf73f
                                                • Instruction Fuzzy Hash: 5EE0D879549288DFC702FBF0E4105DE3FB49F46251F1450E6C48497162DA354A04DB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: abc913f19f72739af8bfbd6c33ab69fe703de37d7fd214e1d9f7b2c7eecb3f45
                                                • Instruction ID: 36442adf3fe3da9e44d8fd73e9be63832a75a4059450fc42e023b5c1244ec85a
                                                • Opcode Fuzzy Hash: abc913f19f72739af8bfbd6c33ab69fe703de37d7fd214e1d9f7b2c7eecb3f45
                                                • Instruction Fuzzy Hash: 1FF0C97490420CEFCB55DFD4D840DACBFB5EB49350F14C09AEC5466351D6369A52EF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d4473a86061257fbece51826fa27b0e62c31e607018b4ae5a700e9522e7988ab
                                                • Instruction ID: 67573ba44f92a9764b909a6f50e3f214b6e7e09e331e18cd71b9a3c290e51cf6
                                                • Opcode Fuzzy Hash: d4473a86061257fbece51826fa27b0e62c31e607018b4ae5a700e9522e7988ab
                                                • Instruction Fuzzy Hash: 38E07DF4505004ABC700CAC0E810F5C73ECD741318F10454CDC0883341C5B58E01C740
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8aa8ec03bddf598f1347410f5504d1bba0d4f8a25ff4e00093d4d961725a206d
                                                • Instruction ID: 0dc6ee2041cdf3d8a723e47c60579344156abbf0bd59fe17ff56564d16ec5db7
                                                • Opcode Fuzzy Hash: 8aa8ec03bddf598f1347410f5504d1bba0d4f8a25ff4e00093d4d961725a206d
                                                • Instruction Fuzzy Hash: A0E0C27990810CEBCF05DF94E941DADBB76EB49310F508099AC0526251CA329AA2EF91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d3494988af907cf27ebdab117775a2437f691c7a30b9ba5279164953deca1407
                                                • Instruction ID: 2862a1691aa278d5ea718501aacddd3d8edfd8ddcbdb80074afa9634e01105c1
                                                • Opcode Fuzzy Hash: d3494988af907cf27ebdab117775a2437f691c7a30b9ba5279164953deca1407
                                                • Instruction Fuzzy Hash: FEE0DFB9942248EBC711EFF4D104BDD7BA4EF09301F1084AAD90883291EA364A51DBA1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f69fcdca41570c862d96e9bc2550ec4c40fb616ee03e1d0d6e4435392faf921e
                                                • Instruction ID: 9baba63605cf87a23d495e167f20a1e3ec40af649fa89b46ed4154e2c8693253
                                                • Opcode Fuzzy Hash: f69fcdca41570c862d96e9bc2550ec4c40fb616ee03e1d0d6e4435392faf921e
                                                • Instruction Fuzzy Hash: E0F0D4B4D1422CCFEB14CF65E444B9DBBB1FF46304F049495D50963260CB358985DF11
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c3ac412f50ce5b465c79e7cb6c0af7a8cf73fb7a8d7680ee27ea4afc1f7eebfb
                                                • Instruction ID: 2cddd20724354d09411bd0828a2f4b1137e5807d1337eda9612c838af1843146
                                                • Opcode Fuzzy Hash: c3ac412f50ce5b465c79e7cb6c0af7a8cf73fb7a8d7680ee27ea4afc1f7eebfb
                                                • Instruction Fuzzy Hash: 39F06D70900219CFEB60DF94C84C7A9B7B0FB05301F0041EAC04D97641D7755ED68F12
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 928bcc4d9b22a647ad8a362af80f778057274c0bf469e2e148b86b35c691845e
                                                • Instruction ID: 19956217c3bba0ad3d51d479d09af8cab7e83e696dacce52e3e9f4ff1edcf7b0
                                                • Opcode Fuzzy Hash: 928bcc4d9b22a647ad8a362af80f778057274c0bf469e2e148b86b35c691845e
                                                • Instruction Fuzzy Hash: 26E0C974E04208EFCB84DFE8D5446ADBBF4EB48311F10C1AA9C1893341D6359A52DF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 928bcc4d9b22a647ad8a362af80f778057274c0bf469e2e148b86b35c691845e
                                                • Instruction ID: ae4aef54257bdc45342733486c5737fa953c0bc2416bd0b5361de13b3182c726
                                                • Opcode Fuzzy Hash: 928bcc4d9b22a647ad8a362af80f778057274c0bf469e2e148b86b35c691845e
                                                • Instruction Fuzzy Hash: E0E0C974E04208EFCB84DFA8D44469DBFF4EB48310F10C0AADC1893341D6359A52DF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 287790539b350ff492d58198d9561cc5163de4d9d0ad9cfa6e879ed324c7d589
                                                • Instruction ID: e53f1e08b46c5ab7fa92b024beb43c45e81634ea9ee3238fc9aab4961c66e02c
                                                • Opcode Fuzzy Hash: 287790539b350ff492d58198d9561cc5163de4d9d0ad9cfa6e879ed324c7d589
                                                • Instruction Fuzzy Hash: E0E07D7080C1489BC300C7E1E404AA8BF7CEB02304F0080EEEC0947282DA369D01CB44
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd180eb4682c99124f4a20cc2019a2385b11b286f55d5a3d1d670bd143a2f6fa
                                                • Instruction ID: f8cfca1af6d4430985d5eddac2398b3b4b16e2b49a445c3a8b7d0490b1ba9c63
                                                • Opcode Fuzzy Hash: dd180eb4682c99124f4a20cc2019a2385b11b286f55d5a3d1d670bd143a2f6fa
                                                • Instruction Fuzzy Hash: 54E0E574E44208EFCB84DFE8D4846ACBBF4FB48300F10C0A99818A3340DA369E42DF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 277c264bcd0509d2680a32883acaa99b67ba82aa394aa5a76ad64d848867b033
                                                • Instruction ID: 5cc234e891b61bf8c3f42f8087a19ea1458f3abcc5f8d457a3b9ac20e5c62bb8
                                                • Opcode Fuzzy Hash: 277c264bcd0509d2680a32883acaa99b67ba82aa394aa5a76ad64d848867b033
                                                • Instruction Fuzzy Hash: D7E065B490A204ABC705CBA0EA415ECBB70AB86200F28819AD80497AB1CA355B26DB81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3e01426d77b0043fdc99da4cf405af696f66c23bd559c2992301e8bcab9f5fc0
                                                • Instruction ID: 27633c163c815d39a12a62c4f6cc947c7e38ef600663968eaee6ba20914d8922
                                                • Opcode Fuzzy Hash: 3e01426d77b0043fdc99da4cf405af696f66c23bd559c2992301e8bcab9f5fc0
                                                • Instruction Fuzzy Hash: 3FE0E5B4D05308EFCB94DFE8D44469DBBF5EB58301F50C0AAD858A2340D635AA51DF91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d620b29f0995499d2c552d125a4d8d50667a99809fdd9f983f3ed588661adc89
                                                • Instruction ID: e83625a620e4c40e11b5b1ed9235b49c3bf4460eb5dabe743c44a75ed4f4cbd1
                                                • Opcode Fuzzy Hash: d620b29f0995499d2c552d125a4d8d50667a99809fdd9f983f3ed588661adc89
                                                • Instruction Fuzzy Hash: CDE0E574E04208EFCB84DFE8D4856ACBBF9EB48300F10C5A9A818A3340D6359A02CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d620b29f0995499d2c552d125a4d8d50667a99809fdd9f983f3ed588661adc89
                                                • Instruction ID: b5f393e82d5bf8933bff80fdc5074495591960b78682ff4a00933c59dc85918e
                                                • Opcode Fuzzy Hash: d620b29f0995499d2c552d125a4d8d50667a99809fdd9f983f3ed588661adc89
                                                • Instruction Fuzzy Hash: C3E0E574E04208EFCB84DFE8D444AACBBF5EB88300F10C0ADD81893342D6359A02CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: df3b105ec2fbcfb773dbbf1f39717c696a6002308c5a90fc21ed56231b48a68b
                                                • Instruction ID: 0f3e5e11431838e5a0c13d62fcaf71adfa41e2f57cdec4236bbc01d6749668bc
                                                • Opcode Fuzzy Hash: df3b105ec2fbcfb773dbbf1f39717c696a6002308c5a90fc21ed56231b48a68b
                                                • Instruction Fuzzy Hash: 15F07F78A01309CFEB54DF58D984B9DB7F2FB4A301F2488A9D509A7685D7346D86CF00
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfbc64094327c117d79bef0ad901e08ff23424f3d3ac38d34050a48ed35e1a72
                                                • Instruction ID: d05e3accad5e9a8d648491f893cb9ac0a6d73206a9056b2461e135c6e0b39301
                                                • Opcode Fuzzy Hash: bfbc64094327c117d79bef0ad901e08ff23424f3d3ac38d34050a48ed35e1a72
                                                • Instruction Fuzzy Hash: 4AE01A75D08208EFCB44DFD8D440AACFBB5EB88310F10C1AAEC5463381D6359A52DF90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6cd2059581d05e52a582ff2ae5d11967292435a92aa2eea12dcc971d38988b90
                                                • Instruction ID: d6959ba0c6ec0cc2ca97e07862cdd1676b5e5ffa36c85b3418428d4dc8747cf0
                                                • Opcode Fuzzy Hash: 6cd2059581d05e52a582ff2ae5d11967292435a92aa2eea12dcc971d38988b90
                                                • Instruction Fuzzy Hash: 42E0C2B4908108DBC708DFE8E4455ACBBB4EF45300F14C09CD80813350CE319E42DF80
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4cbb1c8051f2f3e13c362e6d64be09a65b2553bb128af1f59628eb3e2abad1f2
                                                • Instruction ID: 2e870e83cb9b73a3f4dfe27bee81e28e26d592068af2ad9d90a6d207a942ded3
                                                • Opcode Fuzzy Hash: 4cbb1c8051f2f3e13c362e6d64be09a65b2553bb128af1f59628eb3e2abad1f2
                                                • Instruction Fuzzy Hash: 74E012F994110CEBCB40EBF4D504A9E77B9DF45201F1054A5D50893290EE365A109B91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fbca4ef8e389e763d3ce92566555eb4554f956d9ca4decf554501ec351876802
                                                • Instruction ID: 89125c2ace388f90558f94e968d1ee62998dd2597c63ee977db3df411f66895b
                                                • Opcode Fuzzy Hash: fbca4ef8e389e763d3ce92566555eb4554f956d9ca4decf554501ec351876802
                                                • Instruction Fuzzy Hash: 9DE02EF994120CEFC700FFF4D600A9E7BF8EF09200F0040A9D408932A0EE324A009B92
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 06443354495ca82d9e72dd8e8999c6bb533b084e2871fe8e3e0ba6ab0dd233f6
                                                • Instruction ID: 9e3b235218c611d34321d5a942b103acd04d1bb2a06860311b7342e805feba05
                                                • Opcode Fuzzy Hash: 06443354495ca82d9e72dd8e8999c6bb533b084e2871fe8e3e0ba6ab0dd233f6
                                                • Instruction Fuzzy Hash: C5E09A76D1412CCBDB14CB74E4446DCB7B5EF45315F044496D209A3251CB359955DF11
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6cd2059581d05e52a582ff2ae5d11967292435a92aa2eea12dcc971d38988b90
                                                • Instruction ID: ac071eda689c37962bf42d0e5a816a31dee417869d582431fc2f056bc2e521a0
                                                • Opcode Fuzzy Hash: 6cd2059581d05e52a582ff2ae5d11967292435a92aa2eea12dcc971d38988b90
                                                • Instruction Fuzzy Hash: FFE0ECB4909108EBC704DBD4E9455ACBBB5EB46314F149199980857361DB319E52DB81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: abfe67e97e3bef7f0abe421ed9352ab02bb89f3a1f38eae6b40e0fca0bb60a95
                                                • Instruction ID: ea4abd03566b229822df92f6d687adf7d9e67b0ca9522023b9bdd5935599b033
                                                • Opcode Fuzzy Hash: abfe67e97e3bef7f0abe421ed9352ab02bb89f3a1f38eae6b40e0fca0bb60a95
                                                • Instruction Fuzzy Hash: 23E017B998520CEBD711EBF4D514A9E7BB9DF49201F1044AAE808A3290EE365A149B92
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8fe82c363ca216f3359d925b150d2fa5559e0d4fedd87c3acebcefccf56a4fe
                                                • Instruction ID: 3a6c0921696937a0570c8fc9c0ae294e57765ce603ab1b2928200225363e7ed7
                                                • Opcode Fuzzy Hash: d8fe82c363ca216f3359d925b150d2fa5559e0d4fedd87c3acebcefccf56a4fe
                                                • Instruction Fuzzy Hash: 3FE012B994110CEBC700EBF4D50469E77A9DF45201F1045AAD404A7250EE365A15DB92
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 01359df6c2e98494b2ed3defd2d866b9636c7ae26e55da3fe1cfd8d64e9a42f8
                                                • Instruction ID: b7ccef2518c43dff06f861cb55bbb84a511a05bffbbf65a29f8ef5d493fecd43
                                                • Opcode Fuzzy Hash: 01359df6c2e98494b2ed3defd2d866b9636c7ae26e55da3fe1cfd8d64e9a42f8
                                                • Instruction Fuzzy Hash: 63E01274D09108DBC744DFD4E955AADBBB4EF45315F10D1ADDC0817345CA315E42DB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 96f392637db33f1edd4c411568918af60e74fab7f5dc1216dab87ad990c6a57e
                                                • Instruction ID: 4fb23e0c93d4ebc5d49280f5f83245a6912d11ef1db8baa0691ae35cd630f1fe
                                                • Opcode Fuzzy Hash: 96f392637db33f1edd4c411568918af60e74fab7f5dc1216dab87ad990c6a57e
                                                • Instruction Fuzzy Hash: AEE0EC74D55308DFC794DFF8D5596ACBFF8AB08311F1091A9D80893240EA315A50CB95
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8aae5c37291fbb8a5f9e241c431a2e4ae5dd56d230087d0006a43f858d0fea2
                                                • Instruction ID: f9e427627a811eabd30dd9932cfcf210ccebed38948abb555bd3e4a14c01a160
                                                • Opcode Fuzzy Hash: e8aae5c37291fbb8a5f9e241c431a2e4ae5dd56d230087d0006a43f858d0fea2
                                                • Instruction Fuzzy Hash: A8E08C789081089BC740DBE8E850AACBBB4EB06210F108099EC0853381DA319A16CB50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 605bb557409de122b35da417f072660d9dd20641948b21e1a18d9df0cb8bea87
                                                • Instruction ID: 34469d751bf71ad5ee998ddd4c9c7dc9ec46bb09377fa964e303d1b988e1f227
                                                • Opcode Fuzzy Hash: 605bb557409de122b35da417f072660d9dd20641948b21e1a18d9df0cb8bea87
                                                • Instruction Fuzzy Hash: 7DD0C93238813517EA34346979566A93F4DF7011B0F01052FF909C6680D956C95182DA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a6faa5a0653865e0b15a04ec864b93718e970d17b1d2a175922f2eb07925d33
                                                • Instruction ID: 9d77a8f5985ebcdcb4eccca14f65411e5519a416925f1af29e5fab9941a16f95
                                                • Opcode Fuzzy Hash: 1a6faa5a0653865e0b15a04ec864b93718e970d17b1d2a175922f2eb07925d33
                                                • Instruction Fuzzy Hash: C1E01270E0120CEFCB00DFB4E9456ADBBFAEB49300F1186ADE808DB644EA315E049790
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f9bdb3006c7ca2c9af327041689397afa3bd9b0bfa2ee481527205da7ea9ef2
                                                • Instruction ID: aa7461eb2f0454b878a085652ed82b0ffc1d933e05fda56bea995c987056feb6
                                                • Opcode Fuzzy Hash: 4f9bdb3006c7ca2c9af327041689397afa3bd9b0bfa2ee481527205da7ea9ef2
                                                • Instruction Fuzzy Hash: FEE0E5B8901308CFEB10DF98E4887AC7BF2FB06315F500069E145E7284C7395888CB41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: daa276e69547f197b09fdceaee14522e63ef6b29c7824564cd59b7d410848aa8
                                                • Instruction ID: 9c16c8dc15b07ca7bfe55c0b1b7d50cbcfdaaf35b0e0ad9636837fabd94dd2b5
                                                • Opcode Fuzzy Hash: daa276e69547f197b09fdceaee14522e63ef6b29c7824564cd59b7d410848aa8
                                                • Instruction Fuzzy Hash: 26D017B090A30CEBC714DFE8E5595ADBFB9AB4A316F1091A8D80823250DA311A85DB99
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 357d39e2129a56be210e7892faa0b4bf04888a22d77d1919ec6ab3fa10d7ec7c
                                                • Instruction ID: 9939361d9bf6a9dd32d761827fd3b2b1c1220865ca847bacd33cb5cd6c5e3a19
                                                • Opcode Fuzzy Hash: 357d39e2129a56be210e7892faa0b4bf04888a22d77d1919ec6ab3fa10d7ec7c
                                                • Instruction Fuzzy Hash: 95D0A774509108EBCB44CFD4E450E6CB7BCEB86364F50949D9C0D57341CA729E02DB81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 92a9c3baade3a2a4f2af23102f1701ceaba36a666f8375826bae0996650116f6
                                                • Instruction ID: 4b544dd08662d1ce9851c31b822bb42f0dae94e6efeeba25eb146c585bdc208b
                                                • Opcode Fuzzy Hash: 92a9c3baade3a2a4f2af23102f1701ceaba36a666f8375826bae0996650116f6
                                                • Instruction Fuzzy Hash: 08D0A774509108DBC744CBD4E540A6CBBBCFB46315F10959CAC0953341CB32AE02CB88
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d37fbd5d5e9a744ea7e695c7e7a291f208e665673f507dde039f2312f024fe9d
                                                • Instruction ID: 4395fc734a70a59b689b359fb808223a5ef9e1830355b4b4f86a4f7ee2fb358e
                                                • Opcode Fuzzy Hash: d37fbd5d5e9a744ea7e695c7e7a291f208e665673f507dde039f2312f024fe9d
                                                • Instruction Fuzzy Hash: FED017311082589FC302CF64E8C48D9BB74EF0A26032581E3E8488B122D322A918CB91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2038751343.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1b40000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ffc772360f3189a30fc372bf01e9759134274c2c2b5d8bdfc0dc2ac4e712a89
                                                • Instruction ID: cac6bb9c3d6320a8bf9f17f4566a44203a341a11721a54907c546eb4767915a1
                                                • Opcode Fuzzy Hash: 6ffc772360f3189a30fc372bf01e9759134274c2c2b5d8bdfc0dc2ac4e712a89
                                                • Instruction Fuzzy Hash: 0ED02E00B0D194ABCA0B32A4B40803DAAE2FB9A112B0881C7E002CA25ECB204809A391
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4fe90c1ecd1d6f4c9da2dba6e1606af0f9d39947a9f9a3a1b9b12fa30e25c7e5
                                                • Instruction ID: b6fba2c21954250055d73cc238938015583106cb5c9955794dab2625a9fc2126
                                                • Opcode Fuzzy Hash: 4fe90c1ecd1d6f4c9da2dba6e1606af0f9d39947a9f9a3a1b9b12fa30e25c7e5
                                                • Instruction Fuzzy Hash: B7D05EB450D108DBC744CED9D850A6CB7ACEB4A214F14909C9E0857361CE329E02CB40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1d216485ef4a6d9ff1a409904d3761c4b219d6d6f4d87da630a347847d1d19c7
                                                • Instruction ID: a3d90a171d8e7433c8868c3c3f7ab221d2ec0ae1a2d2a30b5d349d1bcfab88d7
                                                • Opcode Fuzzy Hash: 1d216485ef4a6d9ff1a409904d3761c4b219d6d6f4d87da630a347847d1d19c7
                                                • Instruction Fuzzy Hash: F9E0E574900218CFDB24DF24D8496EDB7B6FB5A309F008098D60AA7244CB341E85CF85
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 447f1947320adc576a0705056ff98ecff7c37591af908db97f8546311c76f3ab
                                                • Instruction ID: c516d0827f4fb40cfca239ba0217f42051ac18359c6de9a043ca6c811ed4c6a1
                                                • Opcode Fuzzy Hash: 447f1947320adc576a0705056ff98ecff7c37591af908db97f8546311c76f3ab
                                                • Instruction Fuzzy Hash: 12E012B0A01108EFCB00EFA8DA05A9DBBF9EB84300F1045A99408D7744DA315E009BD5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ad5dc8cb64ad29352748073dc935c72735c6d5a3406a4b44914c72cf4b7abc48
                                                • Instruction ID: cd4e0a76f3bfcccecc16d8dacedcc2fbd7c16ac5dde24a484ba452d76f9ed851
                                                • Opcode Fuzzy Hash: ad5dc8cb64ad29352748073dc935c72735c6d5a3406a4b44914c72cf4b7abc48
                                                • Instruction Fuzzy Hash: 47D012311053029FC715D718D94099BFBD1EF84300B04CE3DA4564B638DB70ED898784
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 795225e386bd5bfa7e9751605ba3b91d059a665b81d344a5f0eda27467e8a0d1
                                                • Instruction ID: e39457fae3a7924e3371500ee4d2cad29806ecf1953bd31f74d873678a734c95
                                                • Opcode Fuzzy Hash: 795225e386bd5bfa7e9751605ba3b91d059a665b81d344a5f0eda27467e8a0d1
                                                • Instruction Fuzzy Hash: 11E01AB494421ACBE724DF64E889BADB7B2FB49301F2080E9D00DA3644DA341D80DF10
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 974429705d6a6e50f5fca6e88459f12b91f80958ba5e07310e165ed2f1308cbb
                                                • Instruction ID: aec219d28359e06d75c3b496aea9f77e7ce5bdc15515bca04c2c8755ab25c91b
                                                • Opcode Fuzzy Hash: 974429705d6a6e50f5fca6e88459f12b91f80958ba5e07310e165ed2f1308cbb
                                                • Instruction Fuzzy Hash: 9DC10478E01218CFEB14CFA9D894BADBBF2FF49310F508069E909AB295DB745985CF41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cf7378f4ba8d047f1e0e3b263ef6caaabf3a8946403a0ac6adcb503239d1da49
                                                • Instruction ID: 747ae4cee807483e9ca95d7c7f70a9c98641dca06f1e1816633769dc1d7c2f97
                                                • Opcode Fuzzy Hash: cf7378f4ba8d047f1e0e3b263ef6caaabf3a8946403a0ac6adcb503239d1da49
                                                • Instruction Fuzzy Hash: 54C10478E05218CFEB14CFA9D894BADBBF2FF49310F108069E909AB295DB745985CF41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a1b5021c1bcf9dd4a6192ad5f578d33812665ddf13e9c6cb96f4b164eb1a978
                                                • Instruction ID: c9fbe461d473e3341797565a6f183df6cdfcef03f8caf675aea117bd1642de1b
                                                • Opcode Fuzzy Hash: 4a1b5021c1bcf9dd4a6192ad5f578d33812665ddf13e9c6cb96f4b164eb1a978
                                                • Instruction Fuzzy Hash: EEA11775E00208CFDB54DFA9D894BEEBBF6FB49310F10806AD909A7295DB746989CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b619dafa0595f7bd76b093f17cf2c20e5719201981a461d65bc2b2b65f1bc539
                                                • Instruction ID: 5d8a6c1f376a283085e0da1cdcd664383c6bab4861757558368e619add8b06d8
                                                • Opcode Fuzzy Hash: b619dafa0595f7bd76b093f17cf2c20e5719201981a461d65bc2b2b65f1bc539
                                                • Instruction Fuzzy Hash: 14912C78A04208CFDB44DFA9E454BAEBBF6FB49310F108429E519AB395DB785C85CF44
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7e739ffb9e5c76f973189727f476ed2912c89138535ba1317a9328fcc55e37f4
                                                • Instruction ID: 2d447653f8356d59e079c88b9d8403fb7c84e19a00a62a48bf085d77ae3be5f5
                                                • Opcode Fuzzy Hash: 7e739ffb9e5c76f973189727f476ed2912c89138535ba1317a9328fcc55e37f4
                                                • Instruction Fuzzy Hash: 59A12774E04208CFDB54DFA9D894BAEBBF6FB49310F10806AD909A7394DB746989CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 82d3106a11273224212a3ade18e2afa61b7a29d12b5fc2d1e2d0c614de4ff8a8
                                                • Instruction ID: 10ba8c6ee092f07a4d477edb3da0255e679273b2d2cff2ea4573f8e7a4dced45
                                                • Opcode Fuzzy Hash: 82d3106a11273224212a3ade18e2afa61b7a29d12b5fc2d1e2d0c614de4ff8a8
                                                • Instruction Fuzzy Hash: E58112B6D05219CBDB44CFA9C5547EEBBF1FF89700F18802AC219B7260DB788A49CB55
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b32d53827e3b32de12fa77e6213fbc816570e81814ea53d8d9271d9538191a1a
                                                • Instruction ID: eccc3ad6ee882eeb13e7b043cbeec0e55a24d8762cb91943126bdbf035e897d1
                                                • Opcode Fuzzy Hash: b32d53827e3b32de12fa77e6213fbc816570e81814ea53d8d9271d9538191a1a
                                                • Instruction Fuzzy Hash: E6811FB6D05209CFDB44CFA9C5147EEBBF1EF49700F18802AC619B7260DB788A49CB56
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fb33cac9f56e51744e87178c1cf355e1419390dc77b9f5c6e33d079ec7487384
                                                • Instruction ID: 2e45552cc0cf8ebb722719a3d6eae3c64529e9725d1ba80c6774cf6d1f6c7d57
                                                • Opcode Fuzzy Hash: fb33cac9f56e51744e87178c1cf355e1419390dc77b9f5c6e33d079ec7487384
                                                • Instruction Fuzzy Hash: 3981EC70D0422CCFDB64DFA9C844B9EBBB6FF49301F1480AAD809A7256E7745A86CF51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 40d30b1919cee939812d78416123125b9be036933757d504bc1d0ee7238ce8ab
                                                • Instruction ID: 3f3ea57cb8edb773d8baa7b99abaf57dc75b563aec6c8152a51e562062cd66b2
                                                • Opcode Fuzzy Hash: 40d30b1919cee939812d78416123125b9be036933757d504bc1d0ee7238ce8ab
                                                • Instruction Fuzzy Hash: C761E9B4E01218CFEB18DFAAD954B9DB7F2BB89310F10C0AAD909AB354DB7459858F50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 46784ee313031dbfa6b0d50a8e3f302bfeceb6b6147c77bc4cbea9b9abd21a03
                                                • Instruction ID: 03f9b6ef7160053670aebc3df4d1110170914f5dc97b01bc2018eb9c90e99246
                                                • Opcode Fuzzy Hash: 46784ee313031dbfa6b0d50a8e3f302bfeceb6b6147c77bc4cbea9b9abd21a03
                                                • Instruction Fuzzy Hash: CA61E774E01218CBEB58CFAAD954B9EB7F2BB89310F10C0AAD909AB354DB745D85CF50
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 352ce335ae722cc78f9ab1bf56dc655a9b322aa3b92ee9dcf4c8390026e17404
                                                • Instruction ID: ca17a694bf8e0e9781e8d6014f32b5a524bee56936b1f2f2eaf27db6f54a0d84
                                                • Opcode Fuzzy Hash: 352ce335ae722cc78f9ab1bf56dc655a9b322aa3b92ee9dcf4c8390026e17404
                                                • Instruction Fuzzy Hash: 4B5138B8A05218CFEB50DF98E9487EEBBF2FB49314F144529D50AA7294C7784D89CF48
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056235317.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5a50000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1188323458fffda3732191cb9eaa3165a11f9d3296ce16659387ad6e3100d7b1
                                                • Instruction ID: f678244064adc95a53b8feec457c6cb0b93efef05b1042d29095d969d4cec1c7
                                                • Opcode Fuzzy Hash: 1188323458fffda3732191cb9eaa3165a11f9d3296ce16659387ad6e3100d7b1
                                                • Instruction Fuzzy Hash: 89512C78A00218CFDB54DFA8D854BAAB7F6FB8A311F5180A9D50E9B354CB385C89CF54
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056070598.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5510000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 83c9bd00ad333f8278d66ecba5a7d04adf09aeaf0cef0138cc4798f9e7671df3
                                                • Instruction ID: e3ce98e340425b9d9bf27ea9dc1d84b7caae0e0b8e851b62d789506166f46889
                                                • Opcode Fuzzy Hash: 83c9bd00ad333f8278d66ecba5a7d04adf09aeaf0cef0138cc4798f9e7671df3
                                                • Instruction Fuzzy Hash: C75136B8A05208CFEB50DF94D9487EEBBF6FB49310F145429D90AA7294C7785D89CF48
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2089169401.00000000081A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_81a0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1efe03b98e197834944b93c8d99051f63fa74dd48586ffb57838aa25931d7e18
                                                • Instruction ID: 85b502b670824504f7235c835faf977ff9d3fda59528b3d86e83601eeaf51404
                                                • Opcode Fuzzy Hash: 1efe03b98e197834944b93c8d99051f63fa74dd48586ffb57838aa25931d7e18
                                                • Instruction Fuzzy Hash: ED515CB1D056588BE729CF6B8D506CAFAF3AFC9300F04C1FAD44CAA265D7740A868F51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e9bd9caa27ea60d4ae6c4c700d52db3e2f83b30a4834ff77865fb0e4e2417a07
                                                • Instruction ID: d3d7bcd6ade21329561c2d3e27c1209cf101c8a9c04bccb05fea18fa295d5f1c
                                                • Opcode Fuzzy Hash: e9bd9caa27ea60d4ae6c4c700d52db3e2f83b30a4834ff77865fb0e4e2417a07
                                                • Instruction Fuzzy Hash: 265166B5E016198BDB08CFABD94059EFBF3BFC8310F14C06AD958AB264EB3059468F55
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2089169401.00000000081A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_81a0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fab5747c02ff31a33fc25cfed5110f100b1dc2e82d910c8cac3a0ff81d39c4ef
                                                • Instruction ID: c01567e90caba030c7a3265d35d858ea538bc1581f89225433cf58c90a615e06
                                                • Opcode Fuzzy Hash: fab5747c02ff31a33fc25cfed5110f100b1dc2e82d910c8cac3a0ff81d39c4ef
                                                • Instruction Fuzzy Hash: 955138B5D056688BEB68CF678D446CAFAF3AFC9300F04C1FA954DA6254DB700AC58F11
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2089169401.00000000081A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_81a0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a41e2bf2eef08a581f164b1db9cdd888add00e5d984f8e54399bff38af9d6dd
                                                • Instruction ID: 54ae0de4f9673e030f0892c571c4638ce037e458bd8eea4bdb9bd0c58bacb2df
                                                • Opcode Fuzzy Hash: 5a41e2bf2eef08a581f164b1db9cdd888add00e5d984f8e54399bff38af9d6dd
                                                • Instruction Fuzzy Hash: 7841CEB8D00648DFDB14CFA9D884A9DFBF1AF4A300F209129E859BB650DB749885CF55
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2088340697.00000000080D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_80d0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6837f48a67375a15c87d61f9585151d82e8e6be0d10d22812881d3c50cdc720e
                                                • Instruction ID: 093e640a92e259cff157dd154c06738dc69794a6d51651ed6095d51d670b90e0
                                                • Opcode Fuzzy Hash: 6837f48a67375a15c87d61f9585151d82e8e6be0d10d22812881d3c50cdc720e
                                                • Instruction Fuzzy Hash: DB417B75E05B949FEB19CF6B8D4068AFFF3AFC9201F18C0BA944CAA265DA314546CF41
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2087622490.0000000007FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ff0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1ed9b9fa6e415d2b142ecaeea0f54fd454a6959a87243a1073f1ee107d72e5db
                                                • Instruction ID: 54b4cf908bef825dc9e568839926aa8027c478908bddcfd1f9dce7b789461b9b
                                                • Opcode Fuzzy Hash: 1ed9b9fa6e415d2b142ecaeea0f54fd454a6959a87243a1073f1ee107d72e5db
                                                • Instruction Fuzzy Hash: 38412CB5E016198BDB1CCFABC94459EFAF3BFC8300F14C07A9958AB264EB7459418F54
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3bf54ab42ba4b7cfb59c15fcdfbd9ff851e7716287b01af9d7f67edb807aaf85
                                                • Instruction ID: 99b1fcad2f90d93de09c8295d498df2532aabf0196f63956014493bddc2acf94
                                                • Opcode Fuzzy Hash: 3bf54ab42ba4b7cfb59c15fcdfbd9ff851e7716287b01af9d7f67edb807aaf85
                                                • Instruction Fuzzy Hash: 9441BEB9D04248DFCB10DF99D984AEEBBF1FB49320F10905AE819A7210C735A941CF95
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 60900459f44d71001db38b71a051e1b435604439ad92c6e545d632c693764a53
                                                • Instruction ID: d5d78b73ec0a12ba4cf13e87b75d8a3e4362469e6237854c86b8c2d6ea5632cf
                                                • Opcode Fuzzy Hash: 60900459f44d71001db38b71a051e1b435604439ad92c6e545d632c693764a53
                                                • Instruction Fuzzy Hash: 6041FFB5C04258DFCB10CFA9D484AEEFBF4BB09320F14942AE455B7250C738AA85CFA4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5550000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a9c923f4ed66a17828d25ff3998cef2fdacfb50c7c9370e425dd2ce00c9b605
                                                • Instruction ID: 7b19ae5e8dc52c1caa730124b94c87dd3a3cc93598b856eeae8a9e6a8fcbf972
                                                • Opcode Fuzzy Hash: 9a9c923f4ed66a17828d25ff3998cef2fdacfb50c7c9370e425dd2ce00c9b605
                                                • Instruction Fuzzy Hash: DE41DEB5D05258DFCB10CFA9D484AEEFBF4BB49320F14942AE455B7250C738AA85CFA4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2093614110.0000000008440000.00000040.00000800.00020000.00000000.sdmp, Offset: 08440000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_8440000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c7d2aadd9995b5d5c469ff4fe5a1fa738380d8f7286522556cb7cbb78536ac01
                                                • Instruction ID: bad9134708f6a9622d4e513f063775f3f95ed220958c9c886f9a7fe462666f94
                                                • Opcode Fuzzy Hash: c7d2aadd9995b5d5c469ff4fe5a1fa738380d8f7286522556cb7cbb78536ac01
                                                • Instruction Fuzzy Hash: 74313271D097948FD72ACF6A9C54289BFF2AF86200F09C0EBD4489B256D7780A96CF51
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2056152235.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false

                                                Execution Graph

                                                Execution Coverage:9.3%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:69
                                                Total number of Limit Nodes:9

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 536 15b6530-15b6539 537 15b653b-15b65cf GetCurrentProcess 536->537 538 15b652e 536->538 542 15b65d8-15b660c GetCurrentThread 537->542 543 15b65d1-15b65d7 537->543 538->536 544 15b660e-15b6614 542->544 545 15b6615-15b6649 GetCurrentProcess 542->545 543->542 544->545 547 15b664b-15b6651 545->547 548 15b6652-15b666d call 15b6712 545->548 547->548 551 15b6673-15b66a2 GetCurrentThreadId 548->551 552 15b66ab-15b670d 551->552 553 15b66a4-15b66aa 551->553 553->552
                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 015B65BE
                                                • GetCurrentThread.KERNEL32 ref: 015B65FB
                                                • GetCurrentProcess.KERNEL32 ref: 015B6638
                                                • GetCurrentThreadId.KERNEL32 ref: 015B6691
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2078595733.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15b0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: e5d4e4a94dec53d36fe92e31017777f3e6013cd0d886d93f77f33f77f1fd1543
                                                • Instruction ID: 28508a217496dbd2e157bfceca650e060e50cf229543e0bdb37635c5e5525321
                                                • Opcode Fuzzy Hash: e5d4e4a94dec53d36fe92e31017777f3e6013cd0d886d93f77f33f77f1fd1543
                                                • Instruction Fuzzy Hash: 4D5176B0900249CFDB58DFAAC588BDEBFF1BF48304F248459E048AB2A0DB349944CF65

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 560 15b6540-15b65cf GetCurrentProcess 564 15b65d8-15b660c GetCurrentThread 560->564 565 15b65d1-15b65d7 560->565 566 15b660e-15b6614 564->566 567 15b6615-15b6649 GetCurrentProcess 564->567 565->564 566->567 569 15b664b-15b6651 567->569 570 15b6652-15b666d call 15b6712 567->570 569->570 573 15b6673-15b66a2 GetCurrentThreadId 570->573 574 15b66ab-15b670d 573->574 575 15b66a4-15b66aa 573->575 575->574
                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 015B65BE
                                                • GetCurrentThread.KERNEL32 ref: 015B65FB
                                                • GetCurrentProcess.KERNEL32 ref: 015B6638
                                                • GetCurrentThreadId.KERNEL32 ref: 015B6691
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2078595733.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15b0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: b53965a329b56e7918bedc9583441aaffe3ada48e960206e963f97e64b1edc5a
                                                • Instruction ID: 5d11061c0f1d321ff6bc4d976f1f04506a4679620a6fd5b8811780c27dd57c6a
                                                • Opcode Fuzzy Hash: b53965a329b56e7918bedc9583441aaffe3ada48e960206e963f97e64b1edc5a
                                                • Instruction Fuzzy Hash: 125136B09002098FDB58DFAAD588BDEBFF5BB48304F208459E419AB2A0DB749944CF65

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 604 15bbff7-15bc017 605 15bc019-15bc026 call 15bb35c 604->605 606 15bc043-15bc047 604->606 611 15bc028 605->611 612 15bc03c 605->612 607 15bc05b-15bc09c 606->607 608 15bc049-15bc053 606->608 615 15bc0a9-15bc0b7 607->615 616 15bc09e-15bc0a6 607->616 608->607 659 15bc02e call 15bc290 611->659 660 15bc02e call 15bc2a0 611->660 612->606 618 15bc0db-15bc0dd 615->618 619 15bc0b9-15bc0be 615->619 616->615 617 15bc034-15bc036 617->612 620 15bc178-15bc238 617->620 621 15bc0e0-15bc0e7 618->621 622 15bc0c9 619->622 623 15bc0c0-15bc0c7 call 15bb368 619->623 654 15bc23a-15bc23d 620->654 655 15bc240-15bc26b GetModuleHandleW 620->655 626 15bc0e9-15bc0f1 621->626 627 15bc0f4-15bc0fb 621->627 625 15bc0cb-15bc0d9 622->625 623->625 625->621 626->627 629 15bc108-15bc111 call 15bb378 627->629 630 15bc0fd-15bc105 627->630 635 15bc11e-15bc123 629->635 636 15bc113-15bc11b 629->636 630->629 637 15bc141-15bc14e 635->637 638 15bc125-15bc12c 635->638 636->635 645 15bc171-15bc177 637->645 646 15bc150-15bc16e 637->646 638->637 640 15bc12e-15bc13e call 15bb388 call 15bb398 638->640 640->637 646->645 654->655 656 15bc26d-15bc273 655->656 657 15bc274-15bc288 655->657 656->657 659->617 660->617
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 015BC25E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2078595733.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15b0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: dfd17c17917f8345f9edc7ca50bcdc827168ddf68a76d951b6ab4d94d72c81de
                                                • Instruction ID: 2097e50dc2d325d5b277a89149c808159d6fe463f05619f961e580f0b4cc02d5
                                                • Opcode Fuzzy Hash: dfd17c17917f8345f9edc7ca50bcdc827168ddf68a76d951b6ab4d94d72c81de
                                                • Instruction Fuzzy Hash: 308136B0A00B058FD724DF69C49179ABBF1FF88344F008A2ED48ADBA50DB75E945CB94

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 661 15b63d4-15b7431 CreateActCtxA 664 15b743a-15b7494 661->664 665 15b7433-15b7439 661->665 672 15b74a3-15b74a7 664->672 673 15b7496-15b7499 664->673 665->664 674 15b74a9-15b74b5 672->674 675 15b74b8 672->675 673->672 674->675 677 15b74b9 675->677 677->677
                                                APIs
                                                • CreateActCtxA.KERNEL32(?), ref: 015B7421
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2078595733.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15b0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                • Opcode ID: 4c0c51f389afb5956105c82089595d72d29fc5758faaa10dc5db2909b99889e7
                                                • Instruction ID: f976ecbee68ce7c7da3bb3d2527f8745121ccc2b360b29c5a12709e8969f0a71
                                                • Opcode Fuzzy Hash: 4c0c51f389afb5956105c82089595d72d29fc5758faaa10dc5db2909b99889e7
                                                • Instruction Fuzzy Hash: 5D41B0B1C00619CADB24DFA9C884BDDBBF5BF89304F24806AD408AB255DB796945CF90

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 678 15b7365-15b7431 CreateActCtxA 680 15b743a-15b7494 678->680 681 15b7433-15b7439 678->681 688 15b74a3-15b74a7 680->688 689 15b7496-15b7499 680->689 681->680 690 15b74a9-15b74b5 688->690 691 15b74b8 688->691 689->688 690->691 693 15b74b9 691->693 693->693
                                                APIs
                                                • CreateActCtxA.KERNEL32(?), ref: 015B7421
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2078595733.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15b0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                • Opcode ID: 982225297d3c4b92c8f042f8a0c7831b467bdb6843b73be99a22261a2a9f3ef3
                                                • Instruction ID: 28da5216aa8563a1e6ef32e49dd2b533d2203e09d98da2d5daf092222b240f45
                                                • Opcode Fuzzy Hash: 982225297d3c4b92c8f042f8a0c7831b467bdb6843b73be99a22261a2a9f3ef3
                                                • Instruction Fuzzy Hash: 3441E1B1C00619CFDB24CFA9C9847DDBBF5BF88304F24806AD408AB255DB796946CF90

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 699 15b6788-15b681c DuplicateHandle 700 15b681e-15b6824 699->700 701 15b6825-15b6842 699->701 700->701
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015B680F
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2078595733.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15b0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: c2e1a6911c639c59cbac8196f83cdbcdb9c74e75b2dbdad8fa8b4d49446de62d
                                                • Instruction ID: 9c270a23fb3e567488f32e745736dde11c36d7534b0cb370cd1d8152f4e8bed7
                                                • Opcode Fuzzy Hash: c2e1a6911c639c59cbac8196f83cdbcdb9c74e75b2dbdad8fa8b4d49446de62d
                                                • Instruction Fuzzy Hash: 3E21C4B59002589FDB10CF9AD984ADEFFF4FB48320F14841AE954A7350D374A954CFA5

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 694 15b6782-15b681c DuplicateHandle 695 15b681e-15b6824 694->695 696 15b6825-15b6842 694->696 695->696
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015B680F
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2078595733.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15b0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 700276f546eead5d0df54c409f7a6158759c5767563520f1d22c9df6e9b2923e
                                                • Instruction ID: c83340f04c83c08fc3c72fe5583e229998c9f870bc737e32d0a4b206fd142598
                                                • Opcode Fuzzy Hash: 700276f546eead5d0df54c409f7a6158759c5767563520f1d22c9df6e9b2923e
                                                • Instruction Fuzzy Hash: 7721E4B59002599FDB10CFA9D584ADEFFF4FB48320F14846AE958A7310D374A940CFA1

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 704 15bc1f8-15bc238 705 15bc23a-15bc23d 704->705 706 15bc240-15bc26b GetModuleHandleW 704->706 705->706 707 15bc26d-15bc273 706->707 708 15bc274-15bc288 706->708 707->708
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 015BC25E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2078595733.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15b0000_GjNVpV53SR.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 00a2f0540bb19d3e0d1e5c0f4bda7c4b5befdd51a40d691936432df4a040ed40
                                                • Instruction ID: 09e5a0f642d075092219ce506c7ae9089e107420c86c33597431f8d885edb3c9
                                                • Opcode Fuzzy Hash: 00a2f0540bb19d3e0d1e5c0f4bda7c4b5befdd51a40d691936432df4a040ed40
                                                • Instruction Fuzzy Hash: C311E0B5C002498FDB14DF9AC484ADEFBF4EB88324F10846AD569A7210D375A545CFA5

                                                Execution Graph

                                                Execution Coverage:11%
                                                Dynamic/Decrypted Code Coverage:95.6%
                                                Signature Coverage:0%
                                                Total number of Nodes:456
                                                Total number of Limit Nodes:13
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                • API String ID: 0-312445597
                                                • Opcode ID: 81b8d9a9cbe2a1bdccb043f32946d7040a24500b1b73b7374da48dac54f91f13
                                                • Instruction ID: fb95fd1c1924b48f9a11a8df4e366a6826c4f93a1aa6738d346febee66459537
                                                • Opcode Fuzzy Hash: 81b8d9a9cbe2a1bdccb043f32946d7040a24500b1b73b7374da48dac54f91f13
                                                • Instruction Fuzzy Hash: 93B219B4A00219DFDB14CFA5C984BADB7B6BF88700F1445A9E519AB3A4DB70DC85CF60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                • API String ID: 0-2546334966
                                                • Opcode ID: 13b660ee8dbf9e98e02ef98833bb666ed8115c1530cda2e38bca81b96d4a17c3
                                                • Instruction ID: ca6137d1044f43db14a2d2ec3ba5ec6c54523ad2742cfce8697822e2f344b1e5
                                                • Opcode Fuzzy Hash: 13b660ee8dbf9e98e02ef98833bb666ed8115c1530cda2e38bca81b96d4a17c3
                                                • Instruction Fuzzy Hash: 8522FAB4B00219DFDB24CF65C984BA9B7B6FF88304F1481A9D519AB2A5DB30DD85CF60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Te^q
                                                • API String ID: 0-671973202
                                                • Opcode ID: ed7178b3907cae215e94af19c308a166dda38e26a26a0109d795f61c585e998c
                                                • Instruction ID: a55f6bb5d5018b3efefda11e5c47fe28d9fcca49656f5ca801b314dfc992ddf6
                                                • Opcode Fuzzy Hash: ed7178b3907cae215e94af19c308a166dda38e26a26a0109d795f61c585e998c
                                                • Instruction Fuzzy Hash: EFF133B4A01219DFDB64CF69D854BEEB7B6FB89300F1081AAD51AAB344DB385D80CF51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2480008471.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7e30000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Deq
                                                • API String ID: 0-948982800
                                                • Opcode ID: c4895c6156e47b7f102bb10c6d399e2ae7882dd10e42632a136e6fc27368d8ee
                                                • Instruction ID: f7a0c7c0c2b6e95ef08bfb977308e59264afa8dd700dde1ec0570f80e0d46cb2
                                                • Opcode Fuzzy Hash: c4895c6156e47b7f102bb10c6d399e2ae7882dd10e42632a136e6fc27368d8ee
                                                • Instruction Fuzzy Hash: 65D1B0B4E01219CFDB54CFA9D984A9DBBB2FF89304F1080A9D409AB365DB34AD81CF51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Te^q
                                                • API String ID: 0-671973202
                                                • Opcode ID: 75d8e92fbc158f67352ec6599cdfac59996f51870dc85b2be54c2b9f08258b39
                                                • Instruction ID: c192c19e9453d3f10e15fb7ce775e86ecc3058de22f832d57dce711377ffa8a7
                                                • Opcode Fuzzy Hash: 75d8e92fbc158f67352ec6599cdfac59996f51870dc85b2be54c2b9f08258b39
                                                • Instruction Fuzzy Hash: 67B127B4E05208DFEB14CFAAD880BDEBBF6FB89310F1080A9D519A7255DB746985CF04
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Te^q
                                                • API String ID: 0-671973202
                                                • Opcode ID: 5521b5ef34933a801b8f55dfe52de3d8c7ec8535fce472c78c8a039af845395d
                                                • Instruction ID: 3b090fbd4b515e80d9a23a6669af1df9b740ecc1ba38ab17e66e67f81f697b1a
                                                • Opcode Fuzzy Hash: 5521b5ef34933a801b8f55dfe52de3d8c7ec8535fce472c78c8a039af845395d
                                                • Instruction Fuzzy Hash: E7B116B4E01208DFEB14CFAAD884BDEBBF6FB89314F1080A9D519A7255DB746985CF04
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 45f74b697d6a152e63852f59456302ed401d8dfcd781a19c516f545e084caaff
                                                • Instruction ID: c70d6f1d9162436c3d9c91f1065a7cb344b3fcd72fcbb47dea12d4a847120e13
                                                • Opcode Fuzzy Hash: 45f74b697d6a152e63852f59456302ed401d8dfcd781a19c516f545e084caaff
                                                • Instruction Fuzzy Hash: 4F5103B4E04209DFDB05CFAAD8406EEBBF6FB89310F10C56AD425A7254D7345A81CF90

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                • API String ID: 0-723292480
                                                • Opcode ID: 5596b308127f60f611e9e60743c5df94673583407c3f913cc6e8b6c3b343d16d
                                                • Instruction ID: debd6a04e7fdc3c2f417174f8b3b94b9876bddca6911e2f27b9aace817f2e2e4
                                                • Opcode Fuzzy Hash: 5596b308127f60f611e9e60743c5df94673583407c3f913cc6e8b6c3b343d16d
                                                • Instruction Fuzzy Hash: 72D16F36940215DFCB19CF64C944E99BBB3FF88310B0544A8E609AB276D732ED56DF90

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Hbq$Hbq$Hbq
                                                • API String ID: 0-2297679979
                                                • Opcode ID: e15077c8d874a21faf1d443c8ed1acc0befac6aa01b3a5c69d3dd35afe0f3405
                                                • Instruction ID: 215a8447925583ccf60fee1006c5d903c5a884634b1957265a4a0b03547ea328
                                                • Opcode Fuzzy Hash: e15077c8d874a21faf1d443c8ed1acc0befac6aa01b3a5c69d3dd35afe0f3405
                                                • Instruction Fuzzy Hash: 70025C70A00619CFDB24DFA5C598A6EB7F2FF88300F24892ED506AB751DB35E946CB50

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q$4'^q$4'^q
                                                • API String ID: 0-1196845430
                                                • Opcode ID: e75e42204cda8e8f1534fd5625fbc939a3bf319525ede48e884bd7ad75af21c9
                                                • Instruction ID: f2ee53ab0e31b5ea0664d836cb85bf84c41af32e9d4d51dc7b7415de37ff275e
                                                • Opcode Fuzzy Hash: e75e42204cda8e8f1534fd5625fbc939a3bf319525ede48e884bd7ad75af21c9
                                                • Instruction Fuzzy Hash: E2F19A34A10218DFCB08DFA4D998E9DB7B2FF88300F158559E906AB3A5DB71ED42CB51

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$(bq$Hbq
                                                • API String ID: 0-2835675688
                                                • Opcode ID: cc6ed21fc9f264c89be649c85c0b685d0cedae4f040d6b7e1e0d0d0a5dd0d6ae
                                                • Instruction ID: 623335f0d5f27dc318d9144d25b380da175f8dcd009de5e3f4535ca58669bb57
                                                • Opcode Fuzzy Hash: cc6ed21fc9f264c89be649c85c0b685d0cedae4f040d6b7e1e0d0d0a5dd0d6ae
                                                • Instruction Fuzzy Hash: BBE11234A00219DFCB04DF64D59499DBBB2FF89310F148969E406AB365DF30ED86CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2426846139.0000000002FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_2fa0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q$4'^q
                                                • API String ID: 0-2697143702
                                                • Opcode ID: 0536a114958eaa25256d12e9aee549b0914cef54c0b55afdc61386f4929fa690
                                                • Instruction ID: 9dd776bd18bd8f305f0b82e45dac4559326c98830fcf5d1c6368c15e52f6125d
                                                • Opcode Fuzzy Hash: 0536a114958eaa25256d12e9aee549b0914cef54c0b55afdc61386f4929fa690
                                                • Instruction Fuzzy Hash: 5B5217B4F05219CFDB14DB94D5A8AAEBBB2FF49344F108019EA126B3A4CB34AD45CF51

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2426846139.0000000002FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_2fa0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q$4'^q
                                                • API String ID: 0-2697143702
                                                • Opcode ID: 13d76ccd1a363aad67ca7535a4d6f75b10d3793f6c13574986c43442f44cac13
                                                • Instruction ID: 57b0da68460a1c15dec57bdcd31e7bd29ed8d5d41be171c468feb9950ecaa7b1
                                                • Opcode Fuzzy Hash: 13d76ccd1a363aad67ca7535a4d6f75b10d3793f6c13574986c43442f44cac13
                                                • Instruction Fuzzy Hash: 24F1D874E01318DFDB28DFA5D498AACBBB2FF49355F20442AE916A73A0CB315985CF40

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Hbq$Hbq
                                                • API String ID: 0-4258043069
                                                • Opcode ID: 3bdeb429e6f554c2cce3de811ade8f74b32bf67d43e8170310a346869420001a
                                                • Instruction ID: b87f893194723ae49b83635f7d5967535074b9ec4e6806fa4699d1f0d6ba0082
                                                • Opcode Fuzzy Hash: 3bdeb429e6f554c2cce3de811ade8f74b32bf67d43e8170310a346869420001a
                                                • Instruction Fuzzy Hash: 5DB1AE347042559FCB04DF29C484AAD7BF2FF88314F15856AE81A9B3A5CB34ED46CB91

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$Hbq
                                                • API String ID: 0-4081012451
                                                • Opcode ID: 87b9aa02ae50f143af7d8ce47b6fe749defb1bd1149bb14d5d7c313092bca02d
                                                • Instruction ID: 3f4578d20c21533663d1a582f0899bd0173b9954a8d402143a2f6fe1439d33b4
                                                • Opcode Fuzzy Hash: 87b9aa02ae50f143af7d8ce47b6fe749defb1bd1149bb14d5d7c313092bca02d
                                                • Instruction Fuzzy Hash: 185174347006019FCB19AF39C45492EBBA2EFC9250724866ED9168B3A1CF35ED06CBA1

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$Hbq
                                                • API String ID: 0-4081012451
                                                • Opcode ID: 19c1d07d18447a2b36bfa85c8f2cb072615d9e9943ef976da85af15dc377759a
                                                • Instruction ID: 987bf7cfae2f6506a7a0dfcddd832d46018170d6af295df9c879be8053a88fcf
                                                • Opcode Fuzzy Hash: 19c1d07d18447a2b36bfa85c8f2cb072615d9e9943ef976da85af15dc377759a
                                                • Instruction Fuzzy Hash: 6F41CF71200B559FD724DF3AC44036ABBE2EF84310F24CA2ED1668B7A5DB74D8458BA1

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q$pbq
                                                • API String ID: 0-3872760177
                                                • Opcode ID: e30c0ef83d7267916db572dde5a6b242c230fbb0178d116a3cf9e6d84975b4e2
                                                • Instruction ID: 81b66a98fd0161ab08cc5c760f4199024dc35c8692c97dcbbe968f1318001c7f
                                                • Opcode Fuzzy Hash: e30c0ef83d7267916db572dde5a6b242c230fbb0178d116a3cf9e6d84975b4e2
                                                • Instruction Fuzzy Hash: C441C131A003459FC715DF78C9906AFBBF2FF89300F148969C4499B369DB35A94ACBA1

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -$=
                                                • API String ID: 0-1716822294
                                                • Opcode ID: 3a3c208fc30cc41b99f8d36388db6759a9003b731a6367f3ca46cbd10b4ad12f
                                                • Instruction ID: e3a91cf202b4ad8b6fc1de54687f05e97bb385c71533cb2e7d616d223be79be7
                                                • Opcode Fuzzy Hash: 3a3c208fc30cc41b99f8d36388db6759a9003b731a6367f3ca46cbd10b4ad12f
                                                • Instruction Fuzzy Hash: E2410570D05228DFDB64CF5AD844BEDBBFAAB89300F10D1AAD50DA7290CB314A86DF00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq$Hbq
                                                • API String ID: 0-4081012451
                                                • Opcode ID: 2b8adcf1c5bf71de9df457c2502401205ba2a8644656731c6b8c09ca2f5c77f0
                                                • Instruction ID: fdc0759e5b709fd809a92cd13f9b7066b3a97af62ef8384676c0c0b99d4bcf00
                                                • Opcode Fuzzy Hash: 2b8adcf1c5bf71de9df457c2502401205ba2a8644656731c6b8c09ca2f5c77f0
                                                • Instruction Fuzzy Hash: 863105317092945FC706DB79D8919AE7FE2EFCA20071845AAE405CF3A2DE319D06C7A2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,$8
                                                • API String ID: 0-402407342
                                                • Opcode ID: 224cd167f86717261bb49ba2a0a6eff1cbecb7b1b712191cd82b58e676daef47
                                                • Instruction ID: 1faea84ac63098d120b030682a1c7f3a1db7408ff05d6370f13acdf3aed35a61
                                                • Opcode Fuzzy Hash: 224cd167f86717261bb49ba2a0a6eff1cbecb7b1b712191cd82b58e676daef47
                                                • Instruction Fuzzy Hash: 85119D74901268DFEB65CF59D894BECBBF6FB08304F109495E609A6280CB755E81EF00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,bq
                                                • API String ID: 0-2474004448
                                                • Opcode ID: eed3953768ad809499a1a5d61802e2ec3b5ca1a14bd1d970163e6e6f0f49c7bd
                                                • Instruction ID: 207b71010dc02104188108603e66378b2e64ea58595cee125d374f9d9ed19c9f
                                                • Opcode Fuzzy Hash: eed3953768ad809499a1a5d61802e2ec3b5ca1a14bd1d970163e6e6f0f49c7bd
                                                • Instruction Fuzzy Hash: 03521A75A002289FDB68CF69C941BEDBBF2BF88700F1545D9E609A7351DA309E81CF61
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 07C3DCEC
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479845479.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7c30000_shellhost.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 90298ba63f488157414abae2d56f9cdd035f03f740d09552fee1559e3b18c0b9
                                                • Instruction ID: 7bd943bc4c81f2fa49d7024c782187d8103db9cbefe75860fab5e6d436486808
                                                • Opcode Fuzzy Hash: 90298ba63f488157414abae2d56f9cdd035f03f740d09552fee1559e3b18c0b9
                                                • Instruction Fuzzy Hash: E331A9B4D012589FCF10CFA9D980ADEFBB0FB49310F20942AE815B7214D735A945CF68
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (bq
                                                • API String ID: 0-149360118
                                                • Opcode ID: 67161b801d96e085992cea0654516efea72dabf5bedd66c06ab1f4cbd49f077a
                                                • Instruction ID: f224b2325db943143c214cf12893387c4a48e8e270f0adb13d9a0ec5457165dd
                                                • Opcode Fuzzy Hash: 67161b801d96e085992cea0654516efea72dabf5bedd66c06ab1f4cbd49f077a
                                                • Instruction Fuzzy Hash: 28A1A2317042549FCB1A9B64D854E6A7BB3FF89300B1984A9E5068F3B2CF36EC42DB51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'^q
                                                • API String ID: 0-1614139903
                                                • Opcode ID: 9764d1abb6bf55b9f47170c76c046bf759f3f2f0a330304c5e4889dc95616a8e
                                                • Instruction ID: b6a3f5c741442e593e1cb9447470cd756bea4bbb18848a9ac4bff5484ae04a58
                                                • Opcode Fuzzy Hash: 9764d1abb6bf55b9f47170c76c046bf759f3f2f0a330304c5e4889dc95616a8e
                                                • Instruction Fuzzy Hash: 23A1B934B10218DFCB04DFA4D998E9DBBB2FF89300F158569E806AB365DB70AD46CB41
                                                Strings
                                                Memory Dump Source
                                                APIs
                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 07C3EEAF
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479845479.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                                                • Instruction ID: 321e2cfb92485efd9339874a1d2e32e4273491068af2294e8e14a5900874878b
                                                • Opcode Fuzzy Hash: 15583be95aa2dd83740e3cacb07a9e0af19b26e355004430fc0ed29914da6368
                                                • Instruction Fuzzy Hash: F881FE74A04218CFDB14CFA9C848BEEBBF6FB49300F10A1A9D509A7390CB785A85DF55
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 06fdbf53c04718e6390194a7043c33640aa6374f9b8b0acf53e46e0a81f021ed
                                                • Instruction ID: 38ba99bd7dcf5b9e668835bd11102299d186bd7137338a6e2c11b37d50d98f41
                                                • Opcode Fuzzy Hash: 06fdbf53c04718e6390194a7043c33640aa6374f9b8b0acf53e46e0a81f021ed
                                                • Instruction Fuzzy Hash: 877111B4E05228CFDB14DFAAD884BEDBBBAFB48310F10942AD419B7295DB745985CF40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56f717bdcfbe560b2b03e8bf6ee08a5abb0b65450fb9a8b872dda89273162bb1
                                                • Instruction ID: fe18ec234bd39420102d16bc24071ba7362767281d0af74fa165b404fa5fa9e7
                                                • Opcode Fuzzy Hash: 56f717bdcfbe560b2b03e8bf6ee08a5abb0b65450fb9a8b872dda89273162bb1
                                                • Instruction Fuzzy Hash: C3610934B101249FCB04DF68C898A6DB7B6FF88710F1485A9E9069B3A5CB70ED41CB90
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4058a89f25d00e5975982b245deecb93507f2a2805281af008cabbeea4ac6d19
                                                • Instruction ID: fc1c72ea6793654f3d7391280838fbe5d01c62c475eb52319102d8cd27d096c9
                                                • Opcode Fuzzy Hash: 4058a89f25d00e5975982b245deecb93507f2a2805281af008cabbeea4ac6d19
                                                • Instruction Fuzzy Hash: 8851AFB5B01205EFCB15DB69D885A5ABBB6FF88710F14802EE525DB354CB32E841CBA0
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 852a4feb57108d0e2b30699ff5184bb71308f654400cc0e52eb49ee408e35da9
                                                • Instruction ID: 5e02cb524b58aabc3f5a005462726c2f15ee372520d900176f6a196fbba9b969
                                                • Opcode Fuzzy Hash: 852a4feb57108d0e2b30699ff5184bb71308f654400cc0e52eb49ee408e35da9
                                                • Instruction Fuzzy Hash: 2E41C3F691A245AFCB12CB68F9401E8BFB4AF46232F1541DFD4519B153C6340A99CF92
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: df222887670bb12ccba1f0fbe2c61b721ea4aa082c7918a73159fbf9385bf51c
                                                • Instruction ID: 470dcf78161293d62a573186347155e3a96ab3ee75ee4736529026bc56fa46b0
                                                • Opcode Fuzzy Hash: df222887670bb12ccba1f0fbe2c61b721ea4aa082c7918a73159fbf9385bf51c
                                                • Instruction Fuzzy Hash: AE41F2307043258FCB24DB69D49052EBBE6EF853147288E6ED14AC7B42DA71FC42CBA4
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4131c61a0d55e91f1d723951d3e5338950b74e76e02c51ce626f73547c1bad8d
                                                • Instruction ID: c84138c05f642fdc9ed89fc44e185b967b3f449666a8851544348b4bc404c4d3
                                                • Opcode Fuzzy Hash: 4131c61a0d55e91f1d723951d3e5338950b74e76e02c51ce626f73547c1bad8d
                                                • Instruction Fuzzy Hash: 63517D34B00619DFCB14EF64E498AAEB7B6FF88701F10851AE902973A4DF749946CF91
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d0812d1582851405576eeef2dbc0716edf38b25d0159aec7287f49fa0703bb87
                                                • Instruction ID: 314754dda6d0fd20af507e7d903f1f6dceb9f4ca250dbff112223f29711a609d
                                                • Opcode Fuzzy Hash: d0812d1582851405576eeef2dbc0716edf38b25d0159aec7287f49fa0703bb87
                                                • Instruction Fuzzy Hash: 5541DE31B047248FCB64DB78D54469EBBF2FF88610F04896ED19AC7A90DB30E981CB81
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f792bdbbc87808cb6456260d08d82c913e21d2db66c3360269b537742fa86cdf
                                                • Instruction ID: 262e4276b0be64a03a8d6b439fa7eb542e6f768bdd7a2d09f18643929b9aab91
                                                • Opcode Fuzzy Hash: f792bdbbc87808cb6456260d08d82c913e21d2db66c3360269b537742fa86cdf
                                                • Instruction Fuzzy Hash: 11518935A00B54DFCB21CF6AC948A6EBBF2BF88300B18895ED58697A51DB70F944CF51
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7ea27bdd99a6cb25f7bdf551c31b53061008383a5e495e48f52360d813026078
                                                • Instruction ID: f66b2ab274c9eb47426ad247097546101b6f362e65cf85f60a4b814d8ecbf023
                                                • Opcode Fuzzy Hash: 7ea27bdd99a6cb25f7bdf551c31b53061008383a5e495e48f52360d813026078
                                                • Instruction Fuzzy Hash: 7C41CC74D042489FCB06DFB8D8946EDBFB2BF89210F04846BE415EB2A1EB344A45CF91
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6c0a0a2d17102c76f5936d96198a8f969d3c65cf8150f6a1989f5b845b05ab08
                                                • Instruction ID: c709604250af94c85c0573e21a0528fbfaf00521b5683040176146ade6fb1c50
                                                • Opcode Fuzzy Hash: 6c0a0a2d17102c76f5936d96198a8f969d3c65cf8150f6a1989f5b845b05ab08
                                                • Instruction Fuzzy Hash: 65310836A00114DFCB09DF59D888EA9BBB6FF49320F1644A8E5099B372C731ED55DB80
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 88673db2f008f3ecbb08c08b1754d97612b690fffa5ed8e1c1dc8ef4592402f9
                                                • Instruction ID: 51aa87821896c79001f6db423f3d409cfb0433f5308dc8fe5694f3c34140510d
                                                • Opcode Fuzzy Hash: 88673db2f008f3ecbb08c08b1754d97612b690fffa5ed8e1c1dc8ef4592402f9
                                                • Instruction Fuzzy Hash: 8F41CCB1A00216DFDB04CFA5C8407AEBBB1FF88750F00802AD929E7261D735D945CBA1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee130e0cd8e67fa60a309cc08cace361fefe94cceb52ce0f108f0c88e3b9b004
                                                • Instruction ID: 7b4027ded95df1f141b17cb530de0f9f02da5818bbb59ececa02bd70e5b05035
                                                • Opcode Fuzzy Hash: ee130e0cd8e67fa60a309cc08cace361fefe94cceb52ce0f108f0c88e3b9b004
                                                • Instruction Fuzzy Hash: 4431B1B1101B16DFD325CF2AC480766BBF2AF84310F04CA2DD1A6876A1D774D448CB90
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7d5e5e121254430b90fdf6166be35cfd7f0d6b49000e27d2ef736e3b077a41a0
                                                • Instruction ID: a95046a7581ae63f5d0e09b5f6ab6ec72690f1da1c01dfe894746eb33a85ed78
                                                • Opcode Fuzzy Hash: 7d5e5e121254430b90fdf6166be35cfd7f0d6b49000e27d2ef736e3b077a41a0
                                                • Instruction Fuzzy Hash: DA4101B4E55209EFDB04CF99D944BEEBBF6FF89300F208029E419A7280C7745A85CB90
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e2c25156e828b5293cea1341ded240457a5ca7f9bf4ef57e3ea6ad95da7ff622
                                                • Instruction ID: e9da362cba99cb2e5b9f1cf005e045f88553dc7c0713926bab4771d4774af79d
                                                • Opcode Fuzzy Hash: e2c25156e828b5293cea1341ded240457a5ca7f9bf4ef57e3ea6ad95da7ff622
                                                • Instruction Fuzzy Hash: 4D310B35A00118DFDB14DFA4D895AEEB7B1FF88310F148469E906B7364CA359D05CBA1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1db16901a9c3fa31ff59f7a22dc6830c0bec3b6b6e6bd0dee0f09ad6dda74c06
                                                • Instruction ID: 3e75a1522afdcd4430df51ae17deffbc30e9f865dd1e431ba5df4a5c5cacd368
                                                • Opcode Fuzzy Hash: 1db16901a9c3fa31ff59f7a22dc6830c0bec3b6b6e6bd0dee0f09ad6dda74c06
                                                • Instruction Fuzzy Hash: 444105B4E04219DFEB24CF6AD844BAEBBB6FB8A310F20816DD529A7351D7745881CF40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 818dd9f8cb708e0f3353adeb79d193a623ef72bd55e68ecb40e63e860a514d95
                                                • Instruction ID: 413aee327299d5ebf94a8ae5cfaf761ad5778d4e1b169876cf008251d74d8953
                                                • Opcode Fuzzy Hash: 818dd9f8cb708e0f3353adeb79d193a623ef72bd55e68ecb40e63e860a514d95
                                                • Instruction Fuzzy Hash: C141BB74E042489FCB05DFA8D8546EDBFB2FF89300F14802AE415AB361EB305A45CF91
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5c6ba745533ac26fb44bc1314725eaeb3c695533d2e462574a5ab688d4563f72
                                                • Instruction ID: 9339d6eb1aa9b58b594729684599eef7ae86e1a0b49340c66a7b905f16e7419c
                                                • Opcode Fuzzy Hash: 5c6ba745533ac26fb44bc1314725eaeb3c695533d2e462574a5ab688d4563f72
                                                • Instruction Fuzzy Hash: EB31F3B5E14209DBDB04DFAAD8446EEBBFAFB89300F10C469D925A7354DB3499818F90
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 47911ae30ffc289b456004f3ffa4b7c4af42d1fa062a63763571a652dff40e74
                                                • Instruction ID: 992ecc5d12d685b96d49b6297a65e80dfdb1dddc9bda3a157040cf17ec5b450b
                                                • Opcode Fuzzy Hash: 47911ae30ffc289b456004f3ffa4b7c4af42d1fa062a63763571a652dff40e74
                                                • Instruction Fuzzy Hash: 1221D6363092608FC724CB69F584A66BBE5FF81325719C8BAE14EC7152DB31EC42C751
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 919c582b65fe22060092f50afbd6fe8614c11c47d39ab2739cabf7258075b712
                                                • Instruction ID: 9121943632a02fb7b57a8620b16f582769b29c1f7ad0a5b7e3281ec38bfeac4e
                                                • Opcode Fuzzy Hash: 919c582b65fe22060092f50afbd6fe8614c11c47d39ab2739cabf7258075b712
                                                • Instruction Fuzzy Hash: 19218374F10A19CFCB00EF68C5548AEB7B6FF89700B10456AD506A7364EF70AE46CB92
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 57e523fea011251c1f89a065f74122343d61bd715b81469a0cdc7c51e2b211b3
                                                • Instruction ID: b360fe19185a54680ccc555ddf2712f728e077703d2393b77101b1e8cbcc8467
                                                • Opcode Fuzzy Hash: 57e523fea011251c1f89a065f74122343d61bd715b81469a0cdc7c51e2b211b3
                                                • Instruction Fuzzy Hash: E521F3363083548FC724CB69E890A5A7BF9EF85250B1588BEE04ECB2A2DA31EC45C751
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: feeadbaf5d9e1e8befd700410d5c677a4cdb50a613d00e8e1eae66ca057827d9
                                                • Instruction ID: ac0c4ed31c074ee2013d51e295e4ebd32c66c8e9380c2ed3729b51cb6df6e853
                                                • Opcode Fuzzy Hash: feeadbaf5d9e1e8befd700410d5c677a4cdb50a613d00e8e1eae66ca057827d9
                                                • Instruction Fuzzy Hash: CD218BB1A003169FDB14CFA5C8446AABBF1FF88254F00816AD91AE7321E7359905CBA1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2c4e0ff497c3a8d09cc95d113fd4655a573a7b13b4d906ee011a66b19ed1fa95
                                                • Instruction ID: 9ac5c2765cdd853da1ef6c84d5824874fe9a5dba006c5e407d50fdee85b17923
                                                • Opcode Fuzzy Hash: 2c4e0ff497c3a8d09cc95d113fd4655a573a7b13b4d906ee011a66b19ed1fa95
                                                • Instruction Fuzzy Hash: 79214C36A00154DFCB05CFA9E898EA9BFB6FF49320B0644A9E6059B372C731ED15DB50
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 00202b78d416413131adc1b9fd24d38aa4c5f8530e32a45ea608c491f946dbd1
                                                • Instruction ID: 3ea3d4e967a351fb715405ef4e97b700ae1fe1460d8fe804e69e790a91711214
                                                • Opcode Fuzzy Hash: 00202b78d416413131adc1b9fd24d38aa4c5f8530e32a45ea608c491f946dbd1
                                                • Instruction Fuzzy Hash: D50171307003149FC7299A24D498A7B7BE7EFC5325F14896CD5564B7A4CBB5EC42DB80
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0d8e761072407e79e51c9148feb8ab94b57ff047f65229b172ff2064e70d54b3
                                                • Instruction ID: 8e39ce292a4ae858355a0c51c56f0361bc4575629009e6eebc1faa79e692a957
                                                • Opcode Fuzzy Hash: 0d8e761072407e79e51c9148feb8ab94b57ff047f65229b172ff2064e70d54b3
                                                • Instruction Fuzzy Hash: C9012979D08218CFEB14CF65D0587ADBAFAFB8A315F106025D41AA3292D7749C83DF05
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a5c23610c25656f79f68332efbe279950837eccf28cbdfd3e9c866aa8d8cb99
                                                • Instruction ID: cfa55a03b1c777125c78282072de2340c1a082182cfe452db51ea6a0a7dc20d9
                                                • Opcode Fuzzy Hash: 5a5c23610c25656f79f68332efbe279950837eccf28cbdfd3e9c866aa8d8cb99
                                                • Instruction Fuzzy Hash: 3A01D475900208EBCB10DFE4D944ADD7BF6FB44310F1091A9E906573A0DB329A11EB41
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a7dc318e9b01994ae5a024a582725a32460c5ef4a7b375ad59092cfe71ea7dbc
                                                • Instruction ID: d2a2884ca6b366ae3fb313463c3fc424ba9dfa4cb322df10a8c784b3feef9cfe
                                                • Opcode Fuzzy Hash: a7dc318e9b01994ae5a024a582725a32460c5ef4a7b375ad59092cfe71ea7dbc
                                                • Instruction Fuzzy Hash: B6F042B2B053591FD30687146C40BFBBB61DFC9720F14819FE1059B392C665AC42C7D0
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dbcd8143b06912a41d1f769905af18356ac9b9a95e9bcbcb7e138b763bf9bbd2
                                                • Instruction ID: 63f07560cc2ebaea5121e2250e16be61b674d974eba4f404ce73db72f4675dab
                                                • Opcode Fuzzy Hash: dbcd8143b06912a41d1f769905af18356ac9b9a95e9bcbcb7e138b763bf9bbd2
                                                • Instruction Fuzzy Hash: FE110678A14219CFCB64DF64D89479EBBB1FB48300F1081AAD90AA3384DB345E85DF50
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4bca7e833c44c9681eca2c99c263c456d3b7bc33d8fb64325c1520b673843dc9
                                                • Instruction ID: 3428e9a50688ecb9ea56381bfed99b52759c8f5e54ba0a17e4f5dd430dd0fa47
                                                • Opcode Fuzzy Hash: 4bca7e833c44c9681eca2c99c263c456d3b7bc33d8fb64325c1520b673843dc9
                                                • Instruction Fuzzy Hash: 96F0F636B000159FCB289A29D4A59BDB7A6EF88324B0440BAED19C7321DA745D17CB81
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b50bf814feae3cdd6eb429374236b4f57fabb4aa69cb8fb875a1a3d300c92038
                                                • Instruction ID: f8956b3c1664d2f12ada8f1e44c345ec7b7d6cc7145e00b5426f1873affc096c
                                                • Opcode Fuzzy Hash: b50bf814feae3cdd6eb429374236b4f57fabb4aa69cb8fb875a1a3d300c92038
                                                • Instruction Fuzzy Hash: 5E0169357406189FC309AB24E15891AB7A2EFCCB51B208529E90A8B7A4CF75EC52CBD1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b4bdcc59552a63bf88c817a4c8cb3e97480af5d03e04a827bf0fdb9a5e8939b0
                                                • Instruction ID: 63e6406209d4e9b1ad2cfcec59f2c87f5a334fb52f6762b402cb3b9f3a12d59d
                                                • Opcode Fuzzy Hash: b4bdcc59552a63bf88c817a4c8cb3e97480af5d03e04a827bf0fdb9a5e8939b0
                                                • Instruction Fuzzy Hash: 64F024F2B0D3896FE312873868203797BA1CFC6201F18C09ED2428F2E2DA56D803C351
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 058260c7b3ea67cf3fad896595455f4af9f5c0d28f8f7d5bdf34cca5d68d2af3
                                                • Instruction ID: 124556cac26136bab2608700580ed4e843fbce15e025dc54c9b5f740475298d8
                                                • Opcode Fuzzy Hash: 058260c7b3ea67cf3fad896595455f4af9f5c0d28f8f7d5bdf34cca5d68d2af3
                                                • Instruction Fuzzy Hash: BFF09076304341AFC305CF29E894C8ABBE9FF9A62130140AAF915CB321DA61DC05C7A1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 223bf010f6d4f4c26977fcc8bb092cf592e8c441f79435602ff1fd29d462ab61
                                                • Instruction ID: 1a44eccacd87c2ffe495af70bf965904be67eaf0f39866017949d800969b02a8
                                                • Opcode Fuzzy Hash: 223bf010f6d4f4c26977fcc8bb092cf592e8c441f79435602ff1fd29d462ab61
                                                • Instruction Fuzzy Hash: 2BF0A4353543408FC3059B29D894D3A7BB2EF89721B1545AAE955CB7F1CA31DC02D750
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 386c52128feaf1eb6cf6b9bdc147cceffe514a6d27c9c89504bef8a505f1e0fe
                                                • Instruction ID: f18a53bc2af8a64c00ebfc02ef357bc3b8eeb33db86495eb5a8b4a0914ca090b
                                                • Opcode Fuzzy Hash: 386c52128feaf1eb6cf6b9bdc147cceffe514a6d27c9c89504bef8a505f1e0fe
                                                • Instruction Fuzzy Hash: 07F0E9B2B4521D6FE7148719A850B7BF7AAEFC8710F14C42DE6059B390DA76EC4187D0
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2480008471.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7e30000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2d60fade5980fa2eeafa9e2f4bdca688abc3a3451708c10713402bfbc6dea16e
                                                • Instruction ID: 054c9e81c129e464a8bcdc0d3c6d699ed9128e6ce69109ead36bc5836b135eda
                                                • Opcode Fuzzy Hash: 2d60fade5980fa2eeafa9e2f4bdca688abc3a3451708c10713402bfbc6dea16e
                                                • Instruction Fuzzy Hash: 0411D078A05229CFCB64DF29D8989DAB7B2FF89304F1044D9A91EA3B49D7345E84CF41
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9b61f519260b48b88731fe99d8ca06c6f70fe71f15c8ad631dcddc0f47c50c41
                                                • Instruction ID: 8cb53b73b5ddde6f89edf1d5453f022462f2ee61681ad097508b5a6cac6f2fc6
                                                • Opcode Fuzzy Hash: 9b61f519260b48b88731fe99d8ca06c6f70fe71f15c8ad631dcddc0f47c50c41
                                                • Instruction Fuzzy Hash: 82018C3180020ADBCF00DF99D8549EDFBB5FF89324F10C519E91967250DB32A6A6DF90
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfb6e30604d7621e3343f5697d1243515b9bae73b5d4100664471c1c78ce1606
                                                • Instruction ID: f20ea9fbff966ed9fc8df7281f27ad8dacd69a4208eb396a7e63335f7cc7ca3b
                                                • Opcode Fuzzy Hash: bfb6e30604d7621e3343f5697d1243515b9bae73b5d4100664471c1c78ce1606
                                                • Instruction Fuzzy Hash: C4F027316043854FCB129739ECC48DAFF66DED2250314C976E099CF22ACA709C0BCB60
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3cb553d7a6617791c919e11d40c8bdbbb7c23deb151f1cd1e4857e6e3b498757
                                                • Instruction ID: bff6aae9c692c0da26dfb4ddd0108d296d3947d9c723316ce3fbe223692871bb
                                                • Opcode Fuzzy Hash: 3cb553d7a6617791c919e11d40c8bdbbb7c23deb151f1cd1e4857e6e3b498757
                                                • Instruction Fuzzy Hash: 16F01C2211E7C09FC7134725583A4D5FFB5AF1311970945DBD9CACE8A3D1680A64C767
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffeffe5f47e02f9329850a57931c600ad14aca4a8bb50350ce76cc336f68e6b0
                                                • Instruction ID: 97d19caa134bb0bd8afe43e3ff8ad9c49dea5b8ab7879a8360dced4450b327eb
                                                • Opcode Fuzzy Hash: ffeffe5f47e02f9329850a57931c600ad14aca4a8bb50350ce76cc336f68e6b0
                                                • Instruction Fuzzy Hash: F7018C74A10318CFEB54DF69D484B9DB7F6EB49304F1081AAD409A7294CB345E84DF42
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6f57391115d71363eaf99bc29c5ee72afdae8a3999f139709e08a26d39989b6d
                                                • Instruction ID: db4b05c1b4c37486fbf4d297458ca02a299853e1a5ae5707359c352c95fcd49c
                                                • Opcode Fuzzy Hash: 6f57391115d71363eaf99bc29c5ee72afdae8a3999f139709e08a26d39989b6d
                                                • Instruction Fuzzy Hash: 8DF05E393502009FC304DB29D454D3AB7AAEFC8761B15846AF9468B7A0CA31EC02DB90
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2480008471.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7e30000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d78004644000871b42056d0f2c43ca9c3dba2b1a9385411f3ab322a701465b47
                                                • Instruction ID: c65d14fb6735147274994ab4509a3e7fc4836bcd30395bc35c2fe22455000c09
                                                • Opcode Fuzzy Hash: d78004644000871b42056d0f2c43ca9c3dba2b1a9385411f3ab322a701465b47
                                                • Instruction Fuzzy Hash: CE017C74A02218CFDB94DF28CC98A9AB3B2FF89304F1041D9961DA7349CB305E81CF41
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5e7d4bf19931e7a4ff12b24215d6182f74856c80040c153770c5a725d43501e
                                                • Instruction ID: dc1c8927bcd63430ca8a84ccec2344053b13c3c356577d7fa0635218f758a9ad
                                                • Opcode Fuzzy Hash: e5e7d4bf19931e7a4ff12b24215d6182f74856c80040c153770c5a725d43501e
                                                • Instruction Fuzzy Hash: 0EF03C3180020ADBCF00DF99D8508EDFBB5FF89324F00C519E95823250D731A561DBA0
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 53d4a2021e62b01afce3587403dc89914ac54666ff466e5e0a9e36a8040d81b8
                                                • Instruction ID: 7a3e6605dbb9f8d5fb73b8261332231a16775f243b289b2f297fe17adf97d638
                                                • Opcode Fuzzy Hash: 53d4a2021e62b01afce3587403dc89914ac54666ff466e5e0a9e36a8040d81b8
                                                • Instruction Fuzzy Hash: E301EEB8A10259CFCB64DF64D85079EBBB2FB48304F1081AAD50AA7380DB341E84DF50
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffff16d4cd6fa6bf5d52c0671aad22389979515015dd6905fc7ccedd8d5db468
                                                • Instruction ID: 6ec078627292f7eb2b8afb06a2a1b3eb75eb3081d5f62f51e74afc5e45fb171b
                                                • Opcode Fuzzy Hash: ffff16d4cd6fa6bf5d52c0671aad22389979515015dd6905fc7ccedd8d5db468
                                                • Instruction Fuzzy Hash: 22F0E2B49042459FC751CB98D8405E8BFF0BB46320F2492DAD4249B393C6358B03DB51
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fd8d67ab6b9a0bf277bf38725772d7a4be7b5880392057fe232e2bbe93579b26
                                                • Instruction ID: 697d16bc74a389fc47c8c8d3eec5b20652cf90bb27cb1060281922747c1066d8
                                                • Opcode Fuzzy Hash: fd8d67ab6b9a0bf277bf38725772d7a4be7b5880392057fe232e2bbe93579b26
                                                • Instruction Fuzzy Hash: D9F01774908248AFCB01CFA5D8419ADBFB4EB4A310F14809EE86497262D6319A15DB41
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 031cabd45fecac90f8c6abd371b3889e37cddffdec754da28c4eac946c008fe7
                                                • Instruction ID: d7383d97a563f62962fa7bda7a3597b808df8a9aad55bbbd098b4f2a3bf7719e
                                                • Opcode Fuzzy Hash: 031cabd45fecac90f8c6abd371b3889e37cddffdec754da28c4eac946c008fe7
                                                • Instruction Fuzzy Hash: 6A01127080065ADBDF11DF59C854B9AB7B6FF94304F10C685E619A3260CB31AAD2CF40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6e5be4d9555a758ef66ab103ff197f6a0397ad7232d3e20a13a84a4209746b59
                                                • Instruction ID: fc67199678afdf598dcb83c7eb30a9c71f63f21b33e112e4524ea47d0fec7f36
                                                • Opcode Fuzzy Hash: 6e5be4d9555a758ef66ab103ff197f6a0397ad7232d3e20a13a84a4209746b59
                                                • Instruction Fuzzy Hash: B6019C74A41268CFEB65CF59D895BD8BBF6FB09300F1084D6E609A7290C7769EC19F00
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 231c9b6c7b38877801457832a0680c2a706001d58175728586d5349f7967de47
                                                • Instruction ID: a49fbb20ca03c7932e65eae5f99bc5b3985e3853efa8d3f9b11b93dc31f2fd67
                                                • Opcode Fuzzy Hash: 231c9b6c7b38877801457832a0680c2a706001d58175728586d5349f7967de47
                                                • Instruction Fuzzy Hash: 0AF03974904208EFCB14CFA4E4446ACBFF1FB89310F20D2AAE85593391DB319A02EF84
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5704d6839c80d5a5b43d96d54ae96343fea8dcca12b49c5b1321be403b9bf4dc
                                                • Instruction ID: e8155e8f27a91f4304a72bc029855664ba562072e0f9d162b09092fe5ad29818
                                                • Opcode Fuzzy Hash: 5704d6839c80d5a5b43d96d54ae96343fea8dcca12b49c5b1321be403b9bf4dc
                                                • Instruction Fuzzy Hash: 7AE048B5904204EBC704DA94D84179DBBF9E755704F1490A9D905533C2DB319E02DB50
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be13c55ce235872749d74100f6bd1a0861a5f93ecf9369b1537418bb92e62ad6
                                                • Instruction ID: 480f7adcc753d3abea29cea7fcd5ed0dbc7c08e4e61e1c4eeee5697d4b44c660
                                                • Opcode Fuzzy Hash: be13c55ce235872749d74100f6bd1a0861a5f93ecf9369b1537418bb92e62ad6
                                                • Instruction Fuzzy Hash: CFE012B0905204EFC780DFE8D585799FBF8EB09310F2094A9DC09D3381EA319A45DB40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 196379d88126cae16348a66345c7bf68ab1781c97803c3ce1f76196d08b19dcc
                                                • Instruction ID: d7397e4bfd53886a9d0108d225406f926e418e7e0385bee7133553ef97c2d2ce
                                                • Opcode Fuzzy Hash: 196379d88126cae16348a66345c7bf68ab1781c97803c3ce1f76196d08b19dcc
                                                • Instruction Fuzzy Hash: 57F0C9B4904208FFCB54DF99D841AADBBB9EB49310F10C09DFC2857361DA32AA51DF41
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c65ec184e679700422b65ec9384c27f1172678beacba92025c9487f1a25d7b1b
                                                • Instruction ID: 0487016d88487a2d238f07f2865ea8068b419971d1440abc8718698b3fa499fb
                                                • Opcode Fuzzy Hash: c65ec184e679700422b65ec9384c27f1172678beacba92025c9487f1a25d7b1b
                                                • Instruction Fuzzy Hash: 58E0C2B721824C4FDF2241B4B8602F9A731EB86132F048373C036D11C2D5184504C362
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e05cb67cbc620e991fe788faceb7abb91b3ec896ad2eb2350bafada8fd999e1c
                                                • Instruction ID: 54b0d3a5471a1b70078e352f020d4f25b339b982de52ecbae59c3cdd42872c1a
                                                • Opcode Fuzzy Hash: e05cb67cbc620e991fe788faceb7abb91b3ec896ad2eb2350bafada8fd999e1c
                                                • Instruction Fuzzy Hash: FFE02B3120E3255FC720565ABC11A913F9CDF031607040DABF509C7142CD11AC50D3E6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a4286410e931c2de7fae66b790cd751f0ed41057f7131ebf3d5f0198fd483a8
                                                • Instruction ID: 1cd27d39bf8abc11fd82763d70a5bbdfcc9b85d7b09d2f96cdcee3652ca7ae82
                                                • Opcode Fuzzy Hash: 5a4286410e931c2de7fae66b790cd751f0ed41057f7131ebf3d5f0198fd483a8
                                                • Instruction Fuzzy Hash: 5CE092300883425FCB128728DAD09D7BFA1DF82240B08CE69E4858E539D730E94A8791
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2480008471.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7e30000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfe06ac635778fdce8ae894ab84f73e9dbe1cd0823406a734d02dba2af2fc75d
                                                • Instruction ID: 8d3c33f422658abc57a90aa0beae3e51f74ad5ac8ee1befb2e3363744982c541
                                                • Opcode Fuzzy Hash: bfe06ac635778fdce8ae894ab84f73e9dbe1cd0823406a734d02dba2af2fc75d
                                                • Instruction Fuzzy Hash: 02E0C9B4E05208EFCB84DFA9E54469CBBF4EB48310F10C1A9A81893351DA319B51DF80
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2480008471.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7e30000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfe06ac635778fdce8ae894ab84f73e9dbe1cd0823406a734d02dba2af2fc75d
                                                • Instruction ID: 66d19493a0479dd735ca175229df8afb5525dbca8f64bba97a323cac9f7a4299
                                                • Opcode Fuzzy Hash: bfe06ac635778fdce8ae894ab84f73e9dbe1cd0823406a734d02dba2af2fc75d
                                                • Instruction Fuzzy Hash: 78E0EDB4E05208EFCB94DFE9D4406ADFBF4EB48310F10C0A9A818A3351DA35AA51DF40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2480008471.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7e30000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 446902ba226ca94d624532b7bb64a5fd598635209dc612372c8a507305556798
                                                • Instruction ID: 0d24bda53ab0827e5056afac5da1e59d47660ef15b17c6a9222444bdab62e960
                                                • Opcode Fuzzy Hash: 446902ba226ca94d624532b7bb64a5fd598635209dc612372c8a507305556798
                                                • Instruction Fuzzy Hash: 3AF01774A1421ACFDB60DF68D84C7A9B7B5BB05304F1051E6D01DA3641E7B89ED5CF12
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfbbc8f91bb86a8b4d416eb3fe8637eab13ec7655f22094b1565687b1aa3dee0
                                                • Instruction ID: 3bccac4158fbf37ec7925125bb73971c3a113eada247999df678c1d30745515f
                                                • Opcode Fuzzy Hash: bfbbc8f91bb86a8b4d416eb3fe8637eab13ec7655f22094b1565687b1aa3dee0
                                                • Instruction Fuzzy Hash: 19F0AC79D10248DFDB08DFAAE49869DBBF6FB48314F20902AE405E7296DB345881DF04
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 138acdd9d826c9cdbcb686e8ae27a9638e0e933fc9d9fbaa5022dc5d5695b26e
                                                • Instruction ID: 3192c7170667772136ee7ed42f72152378dbf3ef4ea3efe9c87eff7e70b485be
                                                • Opcode Fuzzy Hash: 138acdd9d826c9cdbcb686e8ae27a9638e0e933fc9d9fbaa5022dc5d5695b26e
                                                • Instruction Fuzzy Hash: 34E02C70258000DBC308C6C8C901BA9BBB5EB46328F289288A808873C2CA3A8E03CA41
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b8cb22db381f073fe44d11a6021e705703df311c2c98df85817889f1462e2471
                                                • Instruction ID: ab28410da72c8a8bb738cf99f61a25e47d0a624916546ba0fe6d6f8b1a177e1e
                                                • Opcode Fuzzy Hash: b8cb22db381f073fe44d11a6021e705703df311c2c98df85817889f1462e2471
                                                • Instruction Fuzzy Hash: C1F0C974908208EFCB45DF95D8509ACBBF6EB48310F14C099ED5456391CA32AA62EF40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f556f65536ca0cec836fe41cf1bba24647b8a6726ffbb5852132313e5b1cc26d
                                                • Instruction ID: cf338339ec52188b6d7f45d6a12ad3b4b1184cc12ad581159d72b61b894bfba6
                                                • Opcode Fuzzy Hash: f556f65536ca0cec836fe41cf1bba24647b8a6726ffbb5852132313e5b1cc26d
                                                • Instruction Fuzzy Hash: C7E048B1541108DBD701EBA1D5067CEBBF9DB05240F606495D80597250ED718A45AB82
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d58599a1a14d91cc8034d9f1b9cda72685a1990f55d6abdbedf77818ec19cb07
                                                • Instruction ID: 005be8d6e1cfbc224baceee38f193e780e2774da502bca25812ebd850ff2d0e2
                                                • Opcode Fuzzy Hash: d58599a1a14d91cc8034d9f1b9cda72685a1990f55d6abdbedf77818ec19cb07
                                                • Instruction Fuzzy Hash: A1E0ED75504108EBCF05DF94D940DADBBB6FB49310F10D059FD0517291CB329A61EF51
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ccb05b79fcbee1c493ab14da8e050017258c8ce02c66b76e8b98a1baec9de168
                                                • Instruction ID: 2bdef330cf567a6caeaa9499d25a9fa59fdedcf2d2e39ac505256b7e0b43eed5
                                                • Opcode Fuzzy Hash: ccb05b79fcbee1c493ab14da8e050017258c8ce02c66b76e8b98a1baec9de168
                                                • Instruction Fuzzy Hash: 9DF0F2B4A02209CFEB14CF59D880B9CB7B2FF49304F2044A9D509A3244C7796D82CF00
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7ebb62678a0767ed7907fd14fa68e5854c35fc240ae922dc05bffc85ec115ef
                                                • Instruction ID: 4acb9e081f23186f9952618512c208f326cddf113a61c7438a23bdc3b42e8d12
                                                • Opcode Fuzzy Hash: d7ebb62678a0767ed7907fd14fa68e5854c35fc240ae922dc05bffc85ec115ef
                                                • Instruction Fuzzy Hash: 45E0E5B4E04208EFCB84DFA9D5406ADBBF8FB88300F10C0AD981897341DA31AA02CF40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7ebb62678a0767ed7907fd14fa68e5854c35fc240ae922dc05bffc85ec115ef
                                                • Instruction ID: 3b3dd4d1efcd79469edc3f833d424f9647a267bc40a580ff8ca1b5c7b3e62230
                                                • Opcode Fuzzy Hash: d7ebb62678a0767ed7907fd14fa68e5854c35fc240ae922dc05bffc85ec115ef
                                                • Instruction Fuzzy Hash: 9BE0EDB4E05208EFC784DFA9D48069CBBF4FB48300F10C0ADA81893341DA359A01CF40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 902d970bbe6a1fae5171bb7e4c0e1afbcdce1b00a7dc80caddf54d01093d6af1
                                                • Instruction ID: 2b4130b53dccab1940f89760ea89a682bda69f534b1f5c5e7b1c69f871bdd496
                                                • Opcode Fuzzy Hash: 902d970bbe6a1fae5171bb7e4c0e1afbcdce1b00a7dc80caddf54d01093d6af1
                                                • Instruction Fuzzy Hash: A6E0E5B4D05209EFCB54DFA9D44069DBBB5EB88300F20C0AAE818A2350DA35AA51DF91
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7ee79320d83c813768082f81c2ebb0768f571972e1707d3074e5ddc166741ecf
                                                • Instruction ID: 6557affe640daca17fbca92b6171d31beef494a6b49880c0f171bc3c6a82fb93
                                                • Opcode Fuzzy Hash: 7ee79320d83c813768082f81c2ebb0768f571972e1707d3074e5ddc166741ecf
                                                • Instruction Fuzzy Hash: AAE0DF30908208DBC700CF94E44126CFF70FB41300F20D0ADD80957381CBB15E02DB40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7bdc56a509f2ebc4abe9620a0033a97a5715be18ef68db746b86c168dfb4f32
                                                • Instruction ID: 2441cedf986ba5720db2ff3b60d8c1f56298b4b25155213017f75da872eb7939
                                                • Opcode Fuzzy Hash: d7bdc56a509f2ebc4abe9620a0033a97a5715be18ef68db746b86c168dfb4f32
                                                • Instruction Fuzzy Hash: 9AE0E574E04208EFCB84DFA9D4406ACBBF4FB48300F20C4A9A818A3341DA319E01DF41
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: da3cd84fa97192b009228c9591e6f3136db4bb452e3c7d75c2b20353158b8075
                                                • Instruction ID: 9df984716543aabe0da2d911d8da893835beac1754f2283a9b377713f8d020d5
                                                • Opcode Fuzzy Hash: da3cd84fa97192b009228c9591e6f3136db4bb452e3c7d75c2b20353158b8075
                                                • Instruction Fuzzy Hash: B7E04F78909208DBC704DF95E4496ACBFB5FB45300F60D19DE80967396CB314E46DF44
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 765aeb45c988f91e02f3b504f2cca8a15511cb08a3657162ab832e13d544bd7f
                                                • Instruction ID: 6fad9b735e65d45204effa9431077ad682ce91559f76ef8cab3c58d8e535fa3d
                                                • Opcode Fuzzy Hash: 765aeb45c988f91e02f3b504f2cca8a15511cb08a3657162ab832e13d544bd7f
                                                • Instruction Fuzzy Hash: A1E0DF74904204DFC744DBA4D05A3A8BFF4EB06210F149099E809933C2DF359A06DB80
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2476606802.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5700000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6bbf46ccf65af3c84dd3b1f72078a9723d6f291b17afc14a0bf4c3f009b56282
                                                • Instruction ID: 63d1049f05658fb95fbcdc52ea7aa38b6e0fc7f4130716eaa0f0316295bfced8
                                                • Opcode Fuzzy Hash: 6bbf46ccf65af3c84dd3b1f72078a9723d6f291b17afc14a0bf4c3f009b56282
                                                • Instruction Fuzzy Hash: 57E0C2B4908208DFC740DBE8D4542ACFFF8EB06200F1090D9E80853382DA31AE06DB40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8554fad540976940e3302c6d502edfcfef23b5dda7d4badb1493d83f8b36a62c
                                                • Instruction ID: b0e2d57cea7e1add0f542b2ef7529373b28c7cac7463df030bd66e4e7194c5fc
                                                • Opcode Fuzzy Hash: 8554fad540976940e3302c6d502edfcfef23b5dda7d4badb1493d83f8b36a62c
                                                • Instruction Fuzzy Hash: B9E01270A0120CEFCB40DFA9F940A5EB7F5EF45204F1041A9D509D3344EA315F009BA1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 83a26cb1877c21d176754e27e1598809b98dc94d22bc53257c0f0c48f767a190
                                                • Instruction ID: c970533c8b17ba50f5350dbb1cb785ea966fd9e0ff6747009f8e0f4744fe20fc
                                                • Opcode Fuzzy Hash: 83a26cb1877c21d176754e27e1598809b98dc94d22bc53257c0f0c48f767a190
                                                • Instruction Fuzzy Hash: 6AE0E574900218CBCB58CF24D8997DDBBB1FB8A304F108599D50AA3341CB345E89DF80
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 130b953326a8ec9bfb31cb7dbbe665e8b3e9a3f54ac4debc9252b66c9b73d151
                                                • Instruction ID: 4b7f08b9ce117205628a72769b73841a986b19c02693e940b7883a3fad1d46f2
                                                • Opcode Fuzzy Hash: 130b953326a8ec9bfb31cb7dbbe665e8b3e9a3f54ac4debc9252b66c9b73d151
                                                • Instruction Fuzzy Hash: 2FD0A770509108DBC744CBD5E554A68B7BCEB56314F10949CA80B53351CF329E02CB40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 79c3712367b3b415a9281ba1cbe0345dd8dc505dbe47a66a0c26e3a496b590a9
                                                • Instruction ID: 6a0a6b186e43e6024bfe6e1ac8fb5a1aa01512c726d847e7b6871061f34cce73
                                                • Opcode Fuzzy Hash: 79c3712367b3b415a9281ba1cbe0345dd8dc505dbe47a66a0c26e3a496b590a9
                                                • Instruction Fuzzy Hash: CDE0E578A1421ACBCBA8DB10CC547ED76B5FB4A304F1141A99529A3680DF311DC8EF40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c409a01674b39c68add2234888cd00294df26c3005d3d098d6b58e6ecae962a9
                                                • Instruction ID: bd13222f3af57952e82588889faa4563e845c10a3123092693b9f5e8696e0738
                                                • Opcode Fuzzy Hash: c409a01674b39c68add2234888cd00294df26c3005d3d098d6b58e6ecae962a9
                                                • Instruction Fuzzy Hash: 4AE0E574A10219DBC768DB24D8957DDBAB1FB5A300F10849E9619A3280CF341E85CF80
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 85835e987585f162d08a5efab6bbaeabfcc8494aeb6fab657e6813ccc745ebd9
                                                • Instruction ID: 462167f4767cc79bf11ddeb6f1292313a5911dd1b07fb91a35875d07d7f192b8
                                                • Opcode Fuzzy Hash: 85835e987585f162d08a5efab6bbaeabfcc8494aeb6fab657e6813ccc745ebd9
                                                • Instruction Fuzzy Hash: 0CE01A7095421ADBD764DF65E899BADBBB2FB4A300F2081AAD419A3290DF301D84DF10
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c2fd12ecbabbae6acb080baffb903a2e2d123ab0677fd3c453e682866270a262
                                                • Instruction ID: 114425eea602264865bff2c7e8d593e7b92eeaf947ed53fcd2332b604c0a72e2
                                                • Opcode Fuzzy Hash: c2fd12ecbabbae6acb080baffb903a2e2d123ab0677fd3c453e682866270a262
                                                • Instruction Fuzzy Hash: 21E01AB4A11218CFC724DF24D9A479DBBB1FB5A300F10409AD50AA3340CF345E84CF00
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 13e97bd6e2c6fa5d324c2287d8de3fccb56c6668178f8fb6222f85435e70f128
                                                • Instruction ID: 6f716a0c31a478360755580d89368bcadb9ff67438a473623b9f3eb267a09d8d
                                                • Opcode Fuzzy Hash: 13e97bd6e2c6fa5d324c2287d8de3fccb56c6668178f8fb6222f85435e70f128
                                                • Instruction Fuzzy Hash: 7CD012315443169FC715D718DA4099BF7D1EF84350B05CE3DA4564B638DB70ED898B84
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ffdb98c2a68f9269e28900ec51c0272e76a9afa3fe6397b7c6c35fcd7babefe
                                                • Instruction ID: 35c32421485c2aead2dee3f7322d91e305228817df998b7e3c39392b57451e42
                                                • Opcode Fuzzy Hash: 6ffdb98c2a68f9269e28900ec51c0272e76a9afa3fe6397b7c6c35fcd7babefe
                                                • Instruction Fuzzy Hash: 24D09B750482949FC7128F34D5D59D57F70DF1635431B81D6D8889F133C6269C2ADB15
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2479526537.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ac0000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3709a596f7723fb9a660f2ca5cb89c43409cecbdd4cc202b46b4480a55d1a534
                                                • Instruction ID: 8303c74fb197ff84bf5cc319cedae9b415f703424f2d6cd7772287efffb1925f
                                                • Opcode Fuzzy Hash: 3709a596f7723fb9a660f2ca5cb89c43409cecbdd4cc202b46b4480a55d1a534
                                                • Instruction Fuzzy Hash: 51D017B0924318CFCB15EB25D9842997BF9AB45300F005659C00BAB300DB385EC98F40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2480008471.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7e30000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52c4e21a04b3ff3f1455c009754213bd4db7990276e216b05a1807c9ed8e279c
                                                • Instruction ID: 2eed00eff2fdcec57b3ee0e21650dba399a30034b1b6cb2771db56b1cb8eda43
                                                • Opcode Fuzzy Hash: 52c4e21a04b3ff3f1455c009754213bd4db7990276e216b05a1807c9ed8e279c
                                                • Instruction Fuzzy Hash: 14C02BF005B30683C22012F5B01C3B077DCA707305F043C00730D01461CE704040DB10
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2477215903.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5c20000_shellhost.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 751623c77073c7b265443494fb92984da81ac625a81a7fd06729ec5521af9a25
                                                • Instruction ID: 3c0380b0a2327f7009f75b88e36e70925fe723fafc86f77e3d04fea8bf7ae88a
                                                • Opcode Fuzzy Hash: 751623c77073c7b265443494fb92984da81ac625a81a7fd06729ec5521af9a25
                                                • Instruction Fuzzy Hash: 06B09232000208EB86009A94E804895BB69AB59604740C029F609061228B33A822DB95