Windows Analysis Report
Swift copy.exe

Overview

General Information

Sample name: Swift copy.exe
Analysis ID: 1558203
MD5: 775577663bf7db8dbef949c73b4efa96
SHA1: dc6830e116e795ee0429ca26db69d825d4511c8e
SHA256: e70f87d5f05ff21f16c25173755ebb71a2cf2b46c047aa9ad9bbf1e13e2dd3c4
Tags: exe, user-abuse_ch
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Swift copy.exe (PID: 7748 cmdline: "C:\Users\user\Desktop\Swift copy.exe" MD5: 775577663BF7DB8DBEF949C73B4EFA96)
    • Swift copy.exe (PID: 5844 cmdline: "C:\Users\user\Desktop\Swift copy.exe" MD5: 775577663BF7DB8DBEF949C73B4EFA96)
    • Swift copy.exe (PID: 4092 cmdline: "C:\Users\user\Desktop\Swift copy.exe" MD5: 775577663BF7DB8DBEF949C73B4EFA96)
    • Swift copy.exe (PID: 6116 cmdline: "C:\Users\user\Desktop\Swift copy.exe" MD5: 775577663BF7DB8DBEF949C73B4EFA96)
      • XxPvAQnhLSF.exe (PID: 7024 cmdline: "C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • tzutil.exe (PID: 2968 cmdline: "C:\Windows\SysWOW64\tzutil.exe" MD5: 31DE852CCF7CED517CC79596C76126B4)
          • XxPvAQnhLSF.exe (PID: 5760 cmdline: "C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
No configs have been found
Source: 0000000F.00000002.3130224209.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 0000000B.00000002.2194282511.0000000001190000.00000040.10000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 0000000F.00000002.3130113254.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security

Source: 11.2.Swift copy.exe.400000.0.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 11.2.Swift copy.exe.400000.0.raw.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security

No Sigma rule has matched
No Suricata rule has matched

                AV Detection

                Source: Swift copy.exe, Avira: detected
                Source: Swift copy.exe, ReversingLabs: Detection: 62%
                Source: Swift copy.exe, Virustotal: Detection: 38%
                Source: Yara match, File source: 11.2.Swift copy.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 11.2.Swift copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000000F.00000002.3130224209.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.2194282511.0000000001190000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000F.00000002.3130113254.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.2198917038.0000000001690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000E.00000002.3131478428.0000000003070000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: Swift copy.exe, Joe Sandbox ML: detected
                Source: Swift copy.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Swift copy.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: tzutil.pdbGCTL source: Swift copy.exe, 0000000B.00000002.2193368445.0000000000D97000.00000004.00000020.00020000.00000000.sdmp, XxPvAQnhLSF.exe, 0000000E.00000002.3130281932.00000000014AE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XxPvAQnhLSF.exe, 0000000E.00000000.2117617605.000000000027E000.00000002.00000001.01000000.0000000C.sdmp, XxPvAQnhLSF.exe, 00000010.00000002.3129326354.000000000027E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Swift copy.exe, 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000003.2192608572.0000000002AB8000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000003.2200521943.0000000002C69000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Swift copy.exe, Swift copy.exe, 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, tzutil.exe, 0000000F.00000003.2192608572.0000000002AB8000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000003.2200521943.0000000002C69000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: tzutil.pdb source: Swift copy.exe, 0000000B.00000002.2193368445.0000000000D97000.00000004.00000020.00020000.00000000.sdmp, XxPvAQnhLSF.exe, 0000000E.00000002.3130281932.00000000014AE000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\Swift copy.exe, Code function: 4x nop then jmp 0748DCC8h (5_2_0748E19D)
                Source: C:\Windows\SysWOW64\tzutil.exe, Code function: 4x nop then xor eax, eax (15_2_002C9F80)

                Networking

                Source: DNS query: www.070001325.xyz
                Source: Joe Sandbox View, IP Address: 161.97.142.144
                Source: Joe Sandbox View, IP Address: 18.139.62.226
                Source: Joe Sandbox View, ASN Name: CONTABODE
                Source: global traffic, TCP traffic: 192.168.2.10:49726 -> 161.97.142.144:80
                Source: global traffic, TCP traffic: 192.168.2.10:49727 -> 107.155.56.30:80
                Source: global traffic, TCP traffic: 192.168.2.10:49731 -> 18.139.62.226:80
                Source: global traffic, TCP traffic: 192.168.2.10:49733 -> 188.114.96.3:80
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic, DNS traffic detected: DNS query: www.070001325.xyz
                Source: global traffic, DNS traffic detected: DNS query: www.expancz.top
                Source: global traffic, DNS traffic detected: DNS query: www.taxiquynhonnew.click
                Source: global traffic, DNS traffic detected: DNS query: www.epitomize.shop
                Source: Swift copy.exe, String found in binary or memory: https://www.google.com/#q=

                E-Banking Fraud

                Source: Yara match, File source: 11.2.Swift copy.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 11.2.Swift copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000000F.00000002.3130224209.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.2194282511.0000000001190000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000F.00000002.3130113254.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.2198917038.0000000001690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000E.00000002.3131478428.0000000003070000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\Swift copy.exe, Process Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124FDC011_2_0124FDC0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A9C3211_2_012A9C32
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012EFCF211_2_012EFCF2
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012EFF0911_2_012EFF09
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012EFFB111_2_012EFFB1
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01231F9211_2_01231F92
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_011F3FD511_2_011F3FD5
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_011F3FD211_2_011F3FD2
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02ED02C015_2_02ED02C0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EF027415_2_02EF0274
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5E3F015_2_02E5E3F0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F103E615_2_02F103E6
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0A35215_2_02F0A352
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EE200015_2_02EE2000
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F081CC15_2_02F081CC
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F041A215_2_02F041A2
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F101AA15_2_02F101AA
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02ED815815_2_02ED8158
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E4010015_2_02E40100
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EEA11815_2_02EEA118
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E6C6E015_2_02E6C6E0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E4C7C015_2_02E4C7C0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5077015_2_02E50770
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E7475015_2_02E74750
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EFE4F615_2_02EFE4F6
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0244615_2_02F02446
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EF442015_2_02EF4420
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F1059115_2_02F10591
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5053515_2_02E50535
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E4EA8015_2_02E4EA80
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F06BD715_2_02F06BD7
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0AB4015_2_02F0AB40
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E7E8F015_2_02E7E8F0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E368B815_2_02E368B8
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5A84015_2_02E5A840
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5284015_2_02E52840
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E529A015_2_02E529A0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F1A9A615_2_02F1A9A6
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E6696215_2_02E66962
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0EEDB15_2_02F0EEDB
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0CE9315_2_02F0CE93
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E62E9015_2_02E62E90
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E50E5915_2_02E50E59
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0EE2615_2_02F0EE26
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5CFE015_2_02E5CFE0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E42FC815_2_02E42FC8
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02ECEFA015_2_02ECEFA0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EC4F4015_2_02EC4F40
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E92F2815_2_02E92F28
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E70F3015_2_02E70F30
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EF2F3015_2_02EF2F30
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E40CF215_2_02E40CF2
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EF0CB515_2_02EF0CB5
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E50C0015_2_02E50C00
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E4ADE015_2_02E4ADE0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E68DBF15_2_02E68DBF
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5AD0015_2_02E5AD00
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EECD1F15_2_02EECD1F
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EF12ED15_2_02EF12ED
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E6B2C015_2_02E6B2C0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E552A015_2_02E552A0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E9739A15_2_02E9739A
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E3D34C15_2_02E3D34C
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0132D15_2_02F0132D
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0F0E015_2_02F0F0E0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F070E915_2_02F070E9
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EFF0CC15_2_02EFF0CC
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E570C015_2_02E570C0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5B1B015_2_02E5B1B0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E8516C15_2_02E8516C
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E3F17215_2_02E3F172
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F1B16B15_2_02F1B16B
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F016CC15_2_02F016CC
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E9563015_2_02E95630
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E417EC15_2_02E417EC
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0F7B015_2_02F0F7B0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E4146015_2_02E41460
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0F43F15_2_02F0F43F
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F195C315_2_02F195C3
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EED5B015_2_02EED5B0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0757115_2_02F07571
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EFDAC615_2_02EFDAC6
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EEDAAC15_2_02EEDAAC
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E95AA015_2_02E95AA0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EF1AA315_2_02EF1AA3
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EC3A6C15_2_02EC3A6C
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F07A4615_2_02F07A46
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0FA4915_2_02F0FA49
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E8DBF915_2_02E8DBF9
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EC5BF015_2_02EC5BF0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E6FB8015_2_02E6FB80
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0FB7615_2_02F0FB76
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E538E015_2_02E538E0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EBD80015_2_02EBD800
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E5995015_2_02E59950
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E6B95015_2_02E6B950
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EE591015_2_02EE5910
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E59EB015_2_02E59EB0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E13FD215_2_02E13FD2
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E13FD515_2_02E13FD5
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0FFB115_2_02F0FFB1
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E51F9215_2_02E51F92
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0FF0915_2_02F0FF09
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F0FCF215_2_02F0FCF2
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02EC9C3215_2_02EC9C32
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E6FDC015_2_02E6FDC0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F07D7315_2_02F07D73
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02E53D4015_2_02E53D40
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_02F01D5A15_2_02F01D5A
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002D213015_2_002D2130
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002CD04815_2_002CD048
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002CD05015_2_002CD050
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002CD27015_2_002CD270
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002CB29015_2_002CB290
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002CB3E015_2_002CB3E0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002D57F015_2_002D57F0
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002D39FB15_2_002D39FB
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002D3A0015_2_002D3A00
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: 15_2_002EBD5015_2_002EBD50
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: String function: 0129EA12 appears 83 times
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: String function: 0121B970 appears 283 times
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: String function: 012AF290 appears 104 times
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: String function: 01277E54 appears 109 times
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: String function: 01265130 appears 58 times
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: String function: 02E97E54 appears 109 times
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: String function: 02ECF290 appears 105 times
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: String function: 02E85130 appears 58 times
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: String function: 02E3B970 appears 283 times
                Source: C:\Windows\SysWOW64\tzutil.exeCode function: String function: 02EBEA12 appears 86 times
                Source: Swift copy.exe, 00000005.00000002.1676269671.0000000005D10000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs Swift copy.exe
                Source: Swift copy.exe, 00000005.00000002.1677626974.0000000007D10000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs Swift copy.exe
                Source: Swift copy.exe, 00000005.00000002.1664358595.00000000027B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs Swift copy.exe
                Source: Swift copy.exe, 00000005.00000002.1663887698.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Swift copy.exe
                Source: Swift copy.exe, 0000000B.00000002.2193368445.0000000000D97000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenametzutil.exej% vs Swift copy.exe
                Source: Swift copy.exe, 0000000B.00000002.2194952985.000000000131D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Swift copy.exe
                Source: Swift copy.exe, 0000000B.00000002.2193368445.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenametzutil.exej% vs Swift copy.exe
                Source: Swift copy.exe | Binary or memory string: OriginalFilenameeIev.exe8 vs Swift copy.exe
                Source: Swift copy.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Swift copy.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 5.2.Swift copy.exe.7d10000.4.raw.unpack, x24tMrCDImX5sZtKq4.cs | Security API names: _0020.SetAccessControl
                Source: 5.2.Swift copy.exe.7d10000.4.raw.unpack, x24tMrCDImX5sZtKq4.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 5.2.Swift copy.exe.7d10000.4.raw.unpack, x24tMrCDImX5sZtKq4.cs | Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 5.2.Swift copy.exe.7d10000.4.raw.unpack, n8fJdrqA9bqLAw5iQ7.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 5.2.Swift copy.exe.3a23280.1.raw.unpack, n8fJdrqA9bqLAw5iQ7.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 5.2.Swift copy.exe.3a23280.1.raw.unpack, x24tMrCDImX5sZtKq4.cs | Security API names: _0020.SetAccessControl
                Source: 5.2.Swift copy.exe.3a23280.1.raw.unpack, x24tMrCDImX5sZtKq4.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 5.2.Swift copy.exe.3a23280.1.raw.unpack, x24tMrCDImX5sZtKq4.cs | Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: classification engine | Classification label: mal100.troj.evad.winEXE@9/1@5/4
                Source: C:\Users\user\Desktop\Swift copy.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Swift copy.exe.log
                Source: C:\Users\user\Desktop\Swift copy.exe | Mutant created: NULL
                Source: Swift copy.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\Swift copy.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: Swift copy.exe | ReversingLabs: Detection: 62%
                Source: Swift copy.exe | Virustotal: Detection: 38%
                Source: unknown | Process created: C:\Users\user\Desktop\Swift copy.exe "C:\Users\user\Desktop\Swift copy.exe"
                Source: C:\Users\user\Desktop\Swift copy.exe | Process created: C:\Users\user\Desktop\Swift copy.exe "C:\Users\user\Desktop\Swift copy.exe"
                Source: C:\Users\user\Desktop\Swift copy.exe | Process created: C:\Users\user\Desktop\Swift copy.exe "C:\Users\user\Desktop\Swift copy.exe"
                Source: C:\Users\user\Desktop\Swift copy.exe | Process created: C:\Users\user\Desktop\Swift copy.exe "C:\Users\user\Desktop\Swift copy.exe"
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe | Process created: C:\Windows\SysWOW64\tzutil.exe "C:\Windows\SysWOW64\tzutil.exe"
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: msacm32.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: msdmo.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: winmmbase.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: winmmbase.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: wtsapi32.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: winsta.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Section loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\tzutil.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe | Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\Swift copy.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{41B89B6B-9399-11D2-9623-00C04F8EE628}\InprocServer32
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\Swift copy.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: Swift copy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Swift copy.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: tzutil.pdbGCTL source: Swift copy.exe, 0000000B.00000002.2193368445.0000000000D97000.00000004.00000020.00020000.00000000.sdmp, XxPvAQnhLSF.exe, 0000000E.00000002.3130281932.00000000014AE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XxPvAQnhLSF.exe, 0000000E.00000000.2117617605.000000000027E000.00000002.00000001.01000000.0000000C.sdmp, XxPvAQnhLSF.exe, 00000010.00000002.3129326354.000000000027E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Swift copy.exe, 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000003.2192608572.0000000002AB8000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000003.2200521943.0000000002C69000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Swift copy.exe, Swift copy.exe, 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, tzutil.exe, 0000000F.00000003.2192608572.0000000002AB8000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000003.2200521943.0000000002C69000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: tzutil.pdb source: Swift copy.exe, 0000000B.00000002.2193368445.0000000000D97000.00000004.00000020.00020000.00000000.sdmp, XxPvAQnhLSF.exe, 0000000E.00000002.3130281932.00000000014AE000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 5.2.Swift copy.exe.3a23280.1.raw.unpack, x24tMrCDImX5sZtKq4.cs | .Net Code: hYH75yVBr2 System.Reflection.Assembly.Load(byte[])
                Source: 5.2.Swift copy.exe.7d10000.4.raw.unpack, x24tMrCDImX5sZtKq4.cs | .Net Code: hYH75yVBr2 System.Reflection.Assembly.Load(byte[])
                Source: Swift copy.exe | Static PE information: section name: .text entropy: 7.923378465327505
                Source: C:\Users\user\Desktop\Swift copy.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\tzutil.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: Swift copy.exe PID: 7748, type: MEMORYSTR
                Source: C:\Users\user\Desktop\Swift copy.exe Memory allocated: 2540000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Swift copy.exe Memory allocated: 2750000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Swift copy.exe Memory allocated: 2570000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Swift copy.exe Memory allocated: 7EA0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Swift copy.exe Memory allocated: 8EA0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Swift copy.exe Memory allocated: 9080000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Swift copy.exe Memory allocated: A080000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Swift copy.exe Code function: 11_2_0126096E rdtsc 11_2_0126096E
                Source: C:\Users\user\Desktop\Swift copy.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\Swift copy.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\tzutil.exe API coverage: 2.0 %
                Source: C:\Users\user\Desktop\Swift copy.exe TID: 7788 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\tzutil.exe TID: 7900 Thread sleep time: -54000s >= -30000s
                Source: C:\Windows\SysWOW64\tzutil.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\Swift copy.exe Thread delayed: delay time: 922337203685477
                Source: tzutil.exe, 0000000F.00000002.3129798751.000000000267D000.00000004.00000020.00020000.00000000.sdmp, XxPvAQnhLSF.exe, 00000010.00000002.3131259822.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\Swift copy.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Swift copy.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\tzutil.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\Swift copy.exe Code function: 11_2_0126096E rdtsc 11_2_0126096E
                Source: C:\Users\user\Desktop\Swift copy.exe Code function: 11_2_00417B63 LdrLoadDll, 11_2_00417B63
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0122A3C0 mov eax, dword ptr fs:[00000030h]11_2_0122A3C0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012283C0 mov eax, dword ptr fs:[00000030h]11_2_012283C0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012283C0 mov eax, dword ptr fs:[00000030h]11_2_012283C0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012283C0 mov eax, dword ptr fs:[00000030h]11_2_012283C0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012283C0 mov eax, dword ptr fs:[00000030h]11_2_012283C0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012CE3DB mov eax, dword ptr fs:[00000030h]11_2_012CE3DB
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012CE3DB mov eax, dword ptr fs:[00000030h]11_2_012CE3DB
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012CE3DB mov ecx, dword ptr fs:[00000030h]11_2_012CE3DB
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012CE3DB mov eax, dword ptr fs:[00000030h]11_2_012CE3DB
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012C43D4 mov eax, dword ptr fs:[00000030h]11_2_012C43D4
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012C43D4 mov eax, dword ptr fs:[00000030h]11_2_012C43D4
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0121823B mov eax, dword ptr fs:[00000030h]11_2_0121823B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01224260 mov eax, dword ptr fs:[00000030h]11_2_01224260
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01224260 mov eax, dword ptr fs:[00000030h]11_2_01224260
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01224260 mov eax, dword ptr fs:[00000030h]11_2_01224260
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0121826B mov eax, dword ptr fs:[00000030h]11_2_0121826B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D0274 mov eax, dword ptr fs:[00000030h]11_2_012D0274
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A8243 mov eax, dword ptr fs:[00000030h]11_2_012A8243
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A8243 mov ecx, dword ptr fs:[00000030h]11_2_012A8243
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0121A250 mov eax, dword ptr fs:[00000030h]11_2_0121A250
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F625D mov eax, dword ptr fs:[00000030h]11_2_012F625D
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01226259 mov eax, dword ptr fs:[00000030h]11_2_01226259
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012DA250 mov eax, dword ptr fs:[00000030h]11_2_012DA250
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012DA250 mov eax, dword ptr fs:[00000030h]11_2_012DA250
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012302A0 mov eax, dword ptr fs:[00000030h]11_2_012302A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012302A0 mov eax, dword ptr fs:[00000030h]11_2_012302A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012B62A0 mov eax, dword ptr fs:[00000030h]11_2_012B62A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012B62A0 mov ecx, dword ptr fs:[00000030h]11_2_012B62A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012B62A0 mov eax, dword ptr fs:[00000030h]11_2_012B62A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012B62A0 mov eax, dword ptr fs:[00000030h]11_2_012B62A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012B62A0 mov eax, dword ptr fs:[00000030h]11_2_012B62A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012B62A0 mov eax, dword ptr fs:[00000030h]11_2_012B62A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E284 mov eax, dword ptr fs:[00000030h]11_2_0125E284
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E284 mov eax, dword ptr fs:[00000030h]11_2_0125E284
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A0283 mov eax, dword ptr fs:[00000030h]11_2_012A0283
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A0283 mov eax, dword ptr fs:[00000030h]11_2_012A0283
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A0283 mov eax, dword ptr fs:[00000030h]11_2_012A0283
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012302E1 mov eax, dword ptr fs:[00000030h]11_2_012302E1
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012302E1 mov eax, dword ptr fs:[00000030h]11_2_012302E1
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012302E1 mov eax, dword ptr fs:[00000030h]11_2_012302E1
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0122A2C3 mov eax, dword ptr fs:[00000030h]11_2_0122A2C3
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0122A2C3 mov eax, dword ptr fs:[00000030h]11_2_0122A2C3
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0122A2C3 mov eax, dword ptr fs:[00000030h]11_2_0122A2C3
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0122A2C3 mov eax, dword ptr fs:[00000030h]11_2_0122A2C3
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0122A2C3 mov eax, dword ptr fs:[00000030h]11_2_0122A2C3
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F62D6 mov eax, dword ptr fs:[00000030h]11_2_012F62D6
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230535 mov eax, dword ptr fs:[00000030h]11_2_01230535
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230535 mov eax, dword ptr fs:[00000030h]11_2_01230535
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230535 mov eax, dword ptr fs:[00000030h]11_2_01230535
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230535 mov eax, dword ptr fs:[00000030h]11_2_01230535
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230535 mov eax, dword ptr fs:[00000030h]11_2_01230535
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230535 mov eax, dword ptr fs:[00000030h]11_2_01230535
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E53E mov eax, dword ptr fs:[00000030h]11_2_0124E53E
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E53E mov eax, dword ptr fs:[00000030h]11_2_0124E53E
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E53E mov eax, dword ptr fs:[00000030h]11_2_0124E53E
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E53E mov eax, dword ptr fs:[00000030h]11_2_0124E53E
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E53E mov eax, dword ptr fs:[00000030h]11_2_0124E53E
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012B6500 mov eax, dword ptr fs:[00000030h]11_2_012B6500
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F4500 mov eax, dword ptr fs:[00000030h]11_2_012F4500
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F4500 mov eax, dword ptr fs:[00000030h]11_2_012F4500
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F4500 mov eax, dword ptr fs:[00000030h]11_2_012F4500
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F4500 mov eax, dword ptr fs:[00000030h]11_2_012F4500
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F4500 mov eax, dword ptr fs:[00000030h]11_2_012F4500
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F4500 mov eax, dword ptr fs:[00000030h]11_2_012F4500
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012F4500 mov eax, dword ptr fs:[00000030h]11_2_012F4500
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125656A mov eax, dword ptr fs:[00000030h]11_2_0125656A
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125656A mov eax, dword ptr fs:[00000030h]11_2_0125656A
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125656A mov eax, dword ptr fs:[00000030h]11_2_0125656A
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01228550 mov eax, dword ptr fs:[00000030h]11_2_01228550
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01228550 mov eax, dword ptr fs:[00000030h]11_2_01228550
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A05A7 mov eax, dword ptr fs:[00000030h]11_2_012A05A7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A05A7 mov eax, dword ptr fs:[00000030h]11_2_012A05A7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A05A7 mov eax, dword ptr fs:[00000030h]11_2_012A05A7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012445B1 mov eax, dword ptr fs:[00000030h]11_2_012445B1
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012445B1 mov eax, dword ptr fs:[00000030h]11_2_012445B1
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01222582 mov eax, dword ptr fs:[00000030h]11_2_01222582
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01222582 mov ecx, dword ptr fs:[00000030h]11_2_01222582
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01254588 mov eax, dword ptr fs:[00000030h]11_2_01254588
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E59C mov eax, dword ptr fs:[00000030h]11_2_0125E59C
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012225E0 mov eax, dword ptr fs:[00000030h]11_2_012225E0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E5E7 mov eax, dword ptr fs:[00000030h]11_2_0124E5E7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E5E7 mov eax, dword ptr fs:[00000030h]11_2_0124E5E7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E5E7 mov eax, dword ptr fs:[00000030h]11_2_0124E5E7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E5E7 mov eax, dword ptr fs:[00000030h]11_2_0124E5E7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E5E7 mov eax, dword ptr fs:[00000030h]11_2_0124E5E7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E5E7 mov eax, dword ptr fs:[00000030h]11_2_0124E5E7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E5E7 mov eax, dword ptr fs:[00000030h]11_2_0124E5E7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124E5E7 mov eax, dword ptr fs:[00000030h]11_2_0124E5E7
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125C5ED mov eax, dword ptr fs:[00000030h]11_2_0125C5ED
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125C5ED mov eax, dword ptr fs:[00000030h]11_2_0125C5ED
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E5CF mov eax, dword ptr fs:[00000030h]11_2_0125E5CF
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E5CF mov eax, dword ptr fs:[00000030h]11_2_0125E5CF
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012265D0 mov eax, dword ptr fs:[00000030h]11_2_012265D0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125A5D0 mov eax, dword ptr fs:[00000030h]11_2_0125A5D0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125A5D0 mov eax, dword ptr fs:[00000030h]11_2_0125A5D0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0121E420 mov eax, dword ptr fs:[00000030h]11_2_0121E420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0121E420 mov eax, dword ptr fs:[00000030h]11_2_0121E420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0121E420 mov eax, dword ptr fs:[00000030h]11_2_0121E420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0121C427 mov eax, dword ptr fs:[00000030h]11_2_0121C427
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A6420 mov eax, dword ptr fs:[00000030h]11_2_012A6420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A6420 mov eax, dword ptr fs:[00000030h]11_2_012A6420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A6420 mov eax, dword ptr fs:[00000030h]11_2_012A6420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A6420 mov eax, dword ptr fs:[00000030h]11_2_012A6420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A6420 mov eax, dword ptr fs:[00000030h]11_2_012A6420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A6420 mov eax, dword ptr fs:[00000030h]11_2_012A6420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A6420 mov eax, dword ptr fs:[00000030h]11_2_012A6420
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125A430 mov eax, dword ptr fs:[00000030h]11_2_0125A430
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01258402 mov eax, dword ptr fs:[00000030h]11_2_01258402
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01258402 mov eax, dword ptr fs:[00000030h]11_2_01258402
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01258402 mov eax, dword ptr fs:[00000030h]11_2_01258402
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012AC460 mov ecx, dword ptr fs:[00000030h]11_2_012AC460
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124A470 mov eax, dword ptr fs:[00000030h]11_2_0124A470
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124A470 mov eax, dword ptr fs:[00000030h]11_2_0124A470
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124A470 mov eax, dword ptr fs:[00000030h]11_2_0124A470
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E443 mov eax, dword ptr fs:[00000030h]11_2_0125E443
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E443 mov eax, dword ptr fs:[00000030h]11_2_0125E443
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E443 mov eax, dword ptr fs:[00000030h]11_2_0125E443
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E443 mov eax, dword ptr fs:[00000030h]11_2_0125E443
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E443 mov eax, dword ptr fs:[00000030h]11_2_0125E443
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E443 mov eax, dword ptr fs:[00000030h]11_2_0125E443
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E443 mov eax, dword ptr fs:[00000030h]11_2_0125E443
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125E443 mov eax, dword ptr fs:[00000030h]11_2_0125E443
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012DA456 mov eax, dword ptr fs:[00000030h]11_2_012DA456
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0121645D mov eax, dword ptr fs:[00000030h]11_2_0121645D
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0124245A mov eax, dword ptr fs:[00000030h]11_2_0124245A
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012264AB mov eax, dword ptr fs:[00000030h]11_2_012264AB
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012544B0 mov ecx, dword ptr fs:[00000030h]11_2_012544B0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012AA4B0 mov eax, dword ptr fs:[00000030h]11_2_012AA4B0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012DA49A mov eax, dword ptr fs:[00000030h]11_2_012DA49A
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012204E5 mov ecx, dword ptr fs:[00000030h]11_2_012204E5
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125C720 mov eax, dword ptr fs:[00000030h]11_2_0125C720
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125C720 mov eax, dword ptr fs:[00000030h]11_2_0125C720
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0129C730 mov eax, dword ptr fs:[00000030h]11_2_0129C730
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125273C mov eax, dword ptr fs:[00000030h]11_2_0125273C
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125273C mov ecx, dword ptr fs:[00000030h]11_2_0125273C
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125273C mov eax, dword ptr fs:[00000030h]11_2_0125273C
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125C700 mov eax, dword ptr fs:[00000030h]11_2_0125C700
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01220710 mov eax, dword ptr fs:[00000030h]11_2_01220710
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01250710 mov eax, dword ptr fs:[00000030h]11_2_01250710
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01228770 mov eax, dword ptr fs:[00000030h]11_2_01228770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01230770 mov eax, dword ptr fs:[00000030h]11_2_01230770
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125674D mov esi, dword ptr fs:[00000030h]11_2_0125674D
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125674D mov eax, dword ptr fs:[00000030h]11_2_0125674D
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125674D mov eax, dword ptr fs:[00000030h]11_2_0125674D
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01220750 mov eax, dword ptr fs:[00000030h]11_2_01220750
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01262750 mov eax, dword ptr fs:[00000030h]11_2_01262750
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01262750 mov eax, dword ptr fs:[00000030h]11_2_01262750
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012AE75D mov eax, dword ptr fs:[00000030h]11_2_012AE75D
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A4755 mov eax, dword ptr fs:[00000030h]11_2_012A4755
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012207AF mov eax, dword ptr fs:[00000030h]11_2_012207AF
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012D47A0 mov eax, dword ptr fs:[00000030h]11_2_012D47A0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012C678E mov eax, dword ptr fs:[00000030h]11_2_012C678E
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012427ED mov eax, dword ptr fs:[00000030h]11_2_012427ED
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012427ED mov eax, dword ptr fs:[00000030h]11_2_012427ED
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012427ED mov eax, dword ptr fs:[00000030h]11_2_012427ED
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012AE7E1 mov eax, dword ptr fs:[00000030h]11_2_012AE7E1
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012247FB mov eax, dword ptr fs:[00000030h]11_2_012247FB
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012247FB mov eax, dword ptr fs:[00000030h]11_2_012247FB
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0122C7C0 mov eax, dword ptr fs:[00000030h]11_2_0122C7C0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012A07C3 mov eax, dword ptr fs:[00000030h]11_2_012A07C3
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123E627 mov eax, dword ptr fs:[00000030h]11_2_0123E627
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01256620 mov eax, dword ptr fs:[00000030h]11_2_01256620
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01258620 mov eax, dword ptr fs:[00000030h]11_2_01258620
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0122262C mov eax, dword ptr fs:[00000030h]11_2_0122262C
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0129E609 mov eax, dword ptr fs:[00000030h]11_2_0129E609
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123260B mov eax, dword ptr fs:[00000030h]11_2_0123260B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123260B mov eax, dword ptr fs:[00000030h]11_2_0123260B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123260B mov eax, dword ptr fs:[00000030h]11_2_0123260B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123260B mov eax, dword ptr fs:[00000030h]11_2_0123260B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123260B mov eax, dword ptr fs:[00000030h]11_2_0123260B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123260B mov eax, dword ptr fs:[00000030h]11_2_0123260B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123260B mov eax, dword ptr fs:[00000030h]11_2_0123260B
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01262619 mov eax, dword ptr fs:[00000030h]11_2_01262619
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012E866E mov eax, dword ptr fs:[00000030h]11_2_012E866E
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012E866E mov eax, dword ptr fs:[00000030h]11_2_012E866E
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125A660 mov eax, dword ptr fs:[00000030h]11_2_0125A660
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125A660 mov eax, dword ptr fs:[00000030h]11_2_0125A660
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01252674 mov eax, dword ptr fs:[00000030h]11_2_01252674
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0123C640 mov eax, dword ptr fs:[00000030h]11_2_0123C640
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0125C6A6 mov eax, dword ptr fs:[00000030h]11_2_0125C6A6
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_012566B0 mov eax, dword ptr fs:[00000030h]11_2_012566B0
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01224690 mov eax, dword ptr fs:[00000030h]11_2_01224690
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_01224690 mov eax, dword ptr fs:[00000030h]11_2_01224690
                Source: C:\Users\user\Desktop\Swift copy.exeCode function: 11_2_0129E6F2 mov eax, dword ptr fs:[00000030h]11_2_0129E6F2
                Source: C:\Users\user\Desktop\Swift copy.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\Swift copy.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtOpenKeyEx: Direct from: 0x77672B9C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtProtectVirtualMemory: Direct from: 0x77672F9C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtCreateFile: Direct from: 0x77672FEC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtOpenFile: Direct from: 0x77672DCC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtProtectVirtualMemory: Direct from: 0x77667B2E
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtQueryInformationToken: Direct from: 0x77672CAC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtAllocateVirtualMemory: Direct from: 0x77672BEC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtDeviceIoControlFile: Direct from: 0x77672AEC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtQuerySystemInformation: Direct from: 0x776748CC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtQueryAttributesFile: Direct from: 0x77672E6C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtSetInformationThread: Direct from: 0x77672B4C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtOpenSection: Direct from: 0x77672E0C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtQueryVolumeInformationFile: Direct from: 0x77672F2C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtAllocateVirtualMemory: Direct from: 0x776748EC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtSetInformationThread: Direct from: 0x776663F9
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtReadVirtualMemory: Direct from: 0x77672E8C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtCreateKey: Direct from: 0x77672C6C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtClose: Direct from: 0x77672B6C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtWriteVirtualMemory: Direct from: 0x7767490C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtAllocateVirtualMemory: Direct from: 0x77673C9C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtDelayExecution: Direct from: 0x77672DDC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtCreateUserProcess: Direct from: 0x7767371C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtQuerySystemInformation: Direct from: 0x77672DFC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtQueryInformationProcess: Direct from: 0x77672C26
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtResumeThread: Direct from: 0x77672FBC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtReadFile: Direct from: 0x77672ADC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtAllocateVirtualMemory: Direct from: 0x77672BFC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtResumeThread: Direct from: 0x776736AC
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtSetInformationProcess: Direct from: 0x77672C5C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtMapViewOfSection: Direct from: 0x77672D1C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtNotifyChangeKey: Direct from: 0x77673C2C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtWriteVirtualMemory: Direct from: 0x77672E3C
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe NtCreateMutant: Direct from: 0x776735CC
                Source: C:\Users\user\Desktop\Swift copy.exe Memory written: C:\Users\user\Desktop\Swift copy.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\Swift copy.exe Section loaded: NULL target: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Swift copy.exe Section loaded: NULL target: C:\Windows\SysWOW64\tzutil.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\tzutil.exe Section loaded: NULL target: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe protection: read write
                Source: C:\Windows\SysWOW64\tzutil.exe Section loaded: NULL target: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\tzutil.exe Thread APC queued: target process: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe
                Source: C:\Users\user\Desktop\Swift copy.exe Process created: C:\Users\user\Desktop\Swift copy.exe "C:\Users\user\Desktop\Swift copy.exe"
                Source: C:\Users\user\Desktop\Swift copy.exe Process created: C:\Users\user\Desktop\Swift copy.exe "C:\Users\user\Desktop\Swift copy.exe"
                Source: C:\Users\user\Desktop\Swift copy.exe Process created: C:\Users\user\Desktop\Swift copy.exe "C:\Users\user\Desktop\Swift copy.exe"
                Source: C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe Process created: C:\Windows\SysWOW64\tzutil.exe "C:\Windows\SysWOW64\tzutil.exe"
                Source: XxPvAQnhLSF.exe, 0000000E.00000002.3130701502.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, XxPvAQnhLSF.exe, 0000000E.00000000.2117937144.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, XxPvAQnhLSF.exe, 00000010.00000002.3131499280.0000000001101000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: XxPvAQnhLSF.exe, 0000000E.00000002.3130701502.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, XxPvAQnhLSF.exe, 0000000E.00000000.2117937144.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, XxPvAQnhLSF.exe, 00000010.00000002.3131499280.0000000001101000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: XxPvAQnhLSF.exe, 0000000E.00000002.3130701502.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, XxPvAQnhLSF.exe, 0000000E.00000000.2117937144.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, XxPvAQnhLSF.exe, 00000010.00000002.3131499280.0000000001101000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: EProgram Manager
                Source: XxPvAQnhLSF.exe, 0000000E.00000002.3130701502.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, XxPvAQnhLSF.exe, 0000000E.00000000.2117937144.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, XxPvAQnhLSF.exe, 00000010.00000002.3131499280.0000000001101000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Swift copy.exe Queries volume information: C:\Users\user\Desktop\Swift copy.exe VolumeInformation
                Source: C:\Users\user\Desktop\Swift copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\Swift copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\Swift copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll VolumeInformation
                Source: C:\Users\user\Desktop\Swift copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Swift copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\Swift copy.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Swift copy.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match | File source: 11.2.Swift copy.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 11.2.Swift copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000F.00000002.3130224209.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.2194282511.0000000001190000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000F.00000002.3130113254.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.2198917038.0000000001690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000E.00000002.3131478428.0000000003070000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                Remote Access Functionality

                Source: Yara match | File source: 11.2.Swift copy.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 11.2.Swift copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000F.00000002.3130224209.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.2194282511.0000000001190000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000F.00000002.3130113254.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.2198917038.0000000001690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000E.00000002.3131478428.0000000003070000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Behavior graph, ID: 1558203. Sample: Swift copy.exe, Startdate: 19/11/2024, Architecture: WINDOWS, Score: 100. Process chain: Swift copy.exe -> Swift copy.exe -> XxPvAQnhLSF.exe (injected) -> tzutil.exe -> XxPvAQnhLSF.exe (injected) -> DNS/IP connections]

                Source | Detection | Scanner | Label
                Swift copy.exe | 62% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
                Swift copy.exe | 38% | Virustotal |
                Swift copy.exe | 100% | Avira | HEUR/AGEN.1305624
                Swift copy.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label
                www.epitomize.shop | 0% | Virustotal |
                www.taxiquynhonnew.click | 2% | Virustotal |
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                www.expancz.top | 107.155.56.30 | true | false | | unknown
                dns.ladipage.com | 18.139.62.226 | true | false | | high
                www.epitomize.shop | 188.114.96.3 | true | false | | unknown
                www.070001325.xyz | 161.97.142.144 | true | true | | unknown
                www.taxiquynhonnew.click | unknown | unknown | false | | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                https://www.google.com/#q=Swift copy.exe | | false | | high
                        IP | Domain | Country | ASN | ASN Name | Malicious
                        161.97.142.144 | www.070001325.xyz | United States | 51167 | CONTABODE | true
                        18.139.62.226 | dns.ladipage.com | United States | 16509 | AMAZON-02US | false
                        188.114.96.3 | www.epitomize.shop | European Union | 13335 | CLOUDFLARENETUS | false
                        107.155.56.30 | www.expancz.top | United States | 135377 | UHGL-AS-APUCloudHKHoldingsGroupLimitedHK | false
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1558203
                        Start date and time:2024-11-19 07:22:27 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 9m 53s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:16
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:2
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Swift copy.exe
                        Detection:MAL
                        Classification:mal100.troj.evad.winEXE@9/1@5/4
                        EGA Information:
                        • Successful, ratio: 75%
                        HCA Information:
                        • Successful, ratio: 90%
                        • Number of executed functions: 91
                        • Number of non-executed functions: 293
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com
                        • Not all processes were analyzed, report is missing behavior information
                        • Report creation exceeded maximum time and may have missing disassembly code information.
                        No simulations
                        No context
                        No context
                        Process:C:\Users\user\Desktop\Swift copy.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):1304
                        Entropy (8bit):5.342479910699661
                        Encrypted:false
                        SSDEEP:24:MLUE4K5E4KH1qE4DRE4mKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHDRHmYHKh3oPtHo6hAHKzP
                        MD5:69F4C6D6E1A57244AD636131ED81FDCF
                        SHA1:3BC170B8ED30C1968102F43661A91C548A593634
                        SHA-256:243AF877C88EEE73B052788B4C8FD440B044D99FA7C9BAE286887A5D1888D6EA
                        SHA-512:07A5D721605890AAA7D27531E6597951C74ED2EBA51DF5BFC94C66980E88663AA19D32E662D493BF2BF5062526EB895947FF2EB8F952C81D43191AE2C698A108
                        Malicious:true
                        Reputation:moderate, very likely benign file
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Speech, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e
                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):7.916042005891679
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        • Win32 Executable (generic) a (10002005/4) 49.78%
                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        • DOS Executable Generic (2002/1) 0.01%
                        File name:Swift copy.exe
                        File size:778'240 bytes
                        MD5:775577663bf7db8dbef949c73b4efa96
                        SHA1:dc6830e116e795ee0429ca26db69d825d4511c8e
                        SHA256:e70f87d5f05ff21f16c25173755ebb71a2cf2b46c047aa9ad9bbf1e13e2dd3c4
                        SHA512:e9dc8e28f309bee73f9be84500877bc85c82c614015ef638d012578af60219cd0c8c57ae6bb15ca89451e1bf7384ea99f3155ad9ad695b1f3685fb3edc916f50
                        SSDEEP:12288:A+6lWsaXRL/ZSL8iQncawOEK0kKl12eWdaIE8ngieubrlO5tp+Q0TMHd/OS0:SVaX5hSgiswOE1bIEWnep5tp70TMH70
                        TLSH:5FF412B497AE4233C2BF99B7633571988370ED5B69A6D2DD1AC480ED9B13B2111233C7
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....;g..............0.................. ........@.. ....................... ............@................................
                        Icon Hash:0595150b64f0390f
                        Entrypoint:0x4bde16
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x673BABC5 [Mon Nov 18 21:04:05 2024 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                        Instruction
                        jmp dword ptr [00402000h]
                        add byte ptr [eax], al (repeated 97 times)
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbddc4 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbe000 | 0x1ab8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc0000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xbbe1c | 0xbc000 | 71969f1992afe8dca64241e95dabcc57 | False | 0.9252124542885638 | data | 7.923378465327505 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xbe000 | 0x1ab8 | 0x1c00 | ab7c4c27f97ff8ad8059b8a9ec0db2a5 | False | 0.8039899553571429 | data | 7.216840717825384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xc0000 | 0xc | 0x200 | a9b98561b0936e950f0d8a169ac315a3 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xbe100 | 0x1439 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9592428047131544 |
| RT_GROUP_ICON | 0xbf54c | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xbf570 | 0x348 | data | | | 0.43333333333333335 |
| RT_MANIFEST | 0xbf8c8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 19, 2024 07:25:04.448896885 CET | 49726 | 80 | 192.168.2.10 | 161.97.142.144 |
| Nov 19, 2024 07:25:05.452792883 CET | 49726 | 80 | 192.168.2.10 | 161.97.142.144 |
| Nov 19, 2024 07:25:07.452785969 CET | 49726 | 80 | 192.168.2.10 | 161.97.142.144 |
| Nov 19, 2024 07:25:11.468394995 CET | 49726 | 80 | 192.168.2.10 | 161.97.142.144 |
| Nov 19, 2024 07:25:19.468592882 CET | 49726 | 80 | 192.168.2.10 | 161.97.142.144 |
| Nov 19, 2024 07:25:31.649986982 CET | 49727 | 80 | 192.168.2.10 | 107.155.56.30 |
| Nov 19, 2024 07:25:32.658729076 CET | 49727 | 80 | 192.168.2.10 | 107.155.56.30 |
| Nov 19, 2024 07:25:34.656049013 CET | 49727 | 80 | 192.168.2.10 | 107.155.56.30 |
| Nov 19, 2024 07:25:38.656286955 CET | 49727 | 80 | 192.168.2.10 | 107.155.56.30 |
| Nov 19, 2024 07:25:46.657339096 CET | 49727 | 80 | 192.168.2.10 | 107.155.56.30 |
| Nov 19, 2024 07:25:58.189445019 CET | 49731 | 80 | 192.168.2.10 | 18.139.62.226 |
| Nov 19, 2024 07:25:59.202986002 CET | 49731 | 80 | 192.168.2.10 | 18.139.62.226 |
| Nov 19, 2024 07:26:01.218527079 CET | 49731 | 80 | 192.168.2.10 | 18.139.62.226 |
| Nov 19, 2024 07:26:05.218560934 CET | 49731 | 80 | 192.168.2.10 | 18.139.62.226 |
| Nov 19, 2024 07:26:13.218653917 CET | 49731 | 80 | 192.168.2.10 | 18.139.62.226 |
| Nov 19, 2024 07:26:24.313770056 CET | 49733 | 80 | 192.168.2.10 | 188.114.96.3 |
| Nov 19, 2024 07:26:25.327920914 CET | 49733 | 80 | 192.168.2.10 | 188.114.96.3 |
| Nov 19, 2024 07:26:27.327900887 CET | 49733 | 80 | 192.168.2.10 | 188.114.96.3 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 19, 2024 07:25:04.372881889 CET | 49898 | 53 | 192.168.2.10 | 1.1.1.1 |
| Nov 19, 2024 07:25:04.442361116 CET | 53 | 49898 | 1.1.1.1 | 192.168.2.10 |
| Nov 19, 2024 07:25:30.488035917 CET | 52906 | 53 | 192.168.2.10 | 1.1.1.1 |
| Nov 19, 2024 07:25:31.514359951 CET | 52906 | 53 | 192.168.2.10 | 1.1.1.1 |
| Nov 19, 2024 07:25:31.612587929 CET | 53 | 52906 | 1.1.1.1 | 192.168.2.10 |
| Nov 19, 2024 07:25:31.615077972 CET | 53 | 52906 | 1.1.1.1 | 192.168.2.10 |
| Nov 19, 2024 07:25:57.691487074 CET | 63376 | 53 | 192.168.2.10 | 1.1.1.1 |
| Nov 19, 2024 07:25:58.184393883 CET | 53 | 63376 | 1.1.1.1 | 192.168.2.10 |
| Nov 19, 2024 07:26:24.238751888 CET | 51482 | 53 | 192.168.2.10 | 1.1.1.1 |
| Nov 19, 2024 07:26:24.310656071 CET | 53 | 51482 | 1.1.1.1 | 192.168.2.10 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 19, 2024 07:25:04.372881889 CET | 192.168.2.10 | 1.1.1.1 | 0x1d1b | Standard query (0) | www.070001325.xyz | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:25:30.488035917 CET | 192.168.2.10 | 1.1.1.1 | 0xf282 | Standard query (0) | www.expancz.top | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:25:31.514359951 CET | 192.168.2.10 | 1.1.1.1 | 0xf282 | Standard query (0) | www.expancz.top | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:25:57.691487074 CET | 192.168.2.10 | 1.1.1.1 | 0x977b | Standard query (0) | www.taxiquynhonnew.click | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:26:24.238751888 CET | 192.168.2.10 | 1.1.1.1 | 0x52ad | Standard query (0) | www.epitomize.shop | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 19, 2024 07:25:04.442361116 CET | 1.1.1.1 | 192.168.2.10 | 0x1d1b | No error (0) | www.070001325.xyz | | 161.97.142.144 | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:25:31.612587929 CET | 1.1.1.1 | 192.168.2.10 | 0xf282 | No error (0) | www.expancz.top | | 107.155.56.30 | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:25:31.615077972 CET | 1.1.1.1 | 192.168.2.10 | 0xf282 | No error (0) | www.expancz.top | | 107.155.56.30 | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:25:58.184393883 CET | 1.1.1.1 | 192.168.2.10 | 0x977b | No error (0) | www.taxiquynhonnew.click | dns.ladipage.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 19, 2024 07:25:58.184393883 CET | 1.1.1.1 | 192.168.2.10 | 0x977b | No error (0) | dns.ladipage.com | | 18.139.62.226 | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:25:58.184393883 CET | 1.1.1.1 | 192.168.2.10 | 0x977b | No error (0) | dns.ladipage.com | | 13.228.81.39 | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:25:58.184393883 CET | 1.1.1.1 | 192.168.2.10 | 0x977b | No error (0) | dns.ladipage.com | | 54.179.173.60 | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:26:24.310656071 CET | 1.1.1.1 | 192.168.2.10 | 0x52ad | No error (0) | www.epitomize.shop | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
| Nov 19, 2024 07:26:24.310656071 CET | 1.1.1.1 | 192.168.2.10 | 0x52ad | No error (0) | www.epitomize.shop | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |

                        Target ID:5
                        Start time:01:23:18
                        Start date:19/11/2024
                        Path:C:\Users\user\Desktop\Swift copy.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\Swift copy.exe"
                        Imagebase:0x340000
                        File size:778'240 bytes
                        MD5 hash:775577663BF7DB8DBEF949C73B4EFA96
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:9
                        Start time:01:23:57
                        Start date:19/11/2024
                        Path:C:\Users\user\Desktop\Swift copy.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Users\user\Desktop\Swift copy.exe"
                        Imagebase:0x2d0000
                        File size:778'240 bytes
                        MD5 hash:775577663BF7DB8DBEF949C73B4EFA96
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:10
                        Start time:01:23:57
                        Start date:19/11/2024
                        Path:C:\Users\user\Desktop\Swift copy.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Users\user\Desktop\Swift copy.exe"
                        Imagebase:0x1c0000
                        File size:778'240 bytes
                        MD5 hash:775577663BF7DB8DBEF949C73B4EFA96
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:11
                        Start time:01:23:57
                        Start date:19/11/2024
                        Path:C:\Users\user\Desktop\Swift copy.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\Swift copy.exe"
                        Imagebase:0x6d0000
                        File size:778'240 bytes
                        MD5 hash:775577663BF7DB8DBEF949C73B4EFA96
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2194282511.0000000001190000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2198917038.0000000001690000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        Target ID:14
                        Start time:01:24:43
                        Start date:19/11/2024
                        Path:C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe"
                        Imagebase:0x270000
                        File size:140'800 bytes
                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3131478428.0000000003070000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                        Reputation:high
                        Has exited:false

                        Target ID:15
                        Start time:01:24:45
                        Start date:19/11/2024
                        Path:C:\Windows\SysWOW64\tzutil.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\SysWOW64\tzutil.exe"
                        Imagebase:0x3c0000
                        File size:48'640 bytes
                        MD5 hash:31DE852CCF7CED517CC79596C76126B4
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3130224209.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3130113254.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:moderate
                        Has exited:false

                        Target ID:16
                        Start time:01:24:58
                        Start date:19/11/2024
                        Path:C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Program Files (x86)\xrGPUOlMJQPzrKfBsdUoLTIVGzzAwPSXqrmZMyrlAJBtZKATnVMWY\XxPvAQnhLSF.exe"
                        Imagebase:0x270000
                        File size:140'800 bytes
                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                          Execution Graph

                          Execution Coverage:12.4%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:7.3%
                          Total number of Nodes:371
                          Total number of Limit Nodes:24

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.1675421971.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_4db0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: 2$=$=$=$S$S$S$_$_$_$_$_$`_k_$k$k$k${$$2q
                          • API String ID: 0-3092820748
                          • Opcode ID: e9ee323d1f7ff8b76efe5ed5d4c40a4d8d2f01babdccd0c0f313b1f2633d6e24
                          • Instruction ID: 3a1fe7cb45bed12aac5ced5608539d6b1f88e68f766f9de400d0a9cd102f3dec
                          • Opcode Fuzzy Hash: e9ee323d1f7ff8b76efe5ed5d4c40a4d8d2f01babdccd0c0f313b1f2633d6e24
                          • Instruction Fuzzy Hash: A8F2E630A10719CFD715EF34C854A9AB7B2FF89304F6186A9D44AAB360DB75AD85CF80

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.1675421971.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_4db0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: 2$=$=$=$S$S$S$_$_$_$_$_$`_k_$k$k$k${$$2q
                          • API String ID: 0-3092820748
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:

                          APIs
                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0748CC5E
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0

                          APIs
                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0748CC5E
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0

                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04DB2CC2
                          Memory Dump Source
                          • Source File: 00000005.00000002.1675421971.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_4db0000_Swift copy.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0

                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04DB2CC2
                          Memory Dump Source
                          • Source File: 00000005.00000002.1675421971.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_4db0000_Swift copy.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0

                          APIs
                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 04DB5241
                          Memory Dump Source
                          • Source File: 00000005.00000002.1675421971.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_4db0000_Swift copy.jbxd
                          Similarity
                          • API ID: CallProcWindow
                          • String ID:
                          • API String ID: 2714655100-0

                          APIs
                          • CreateActCtxA.KERNEL32(?), ref: 025459A9
                          Memory Dump Source
                          • Source File: 00000005.00000002.1664212316.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2540000_Swift copy.jbxd
                          Similarity
                          • API ID: Create
                          • String ID:
                          • API String ID: 2289755597-0

                          APIs
                          • CreateActCtxA.KERNEL32(?), ref: 025459A9
                          Memory Dump Source
                          • Source File: 00000005.00000002.1664212316.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2540000_Swift copy.jbxd
                          Similarity
                          • API ID: Create
                          • String ID:
                          • API String ID: 2289755597-0

                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0748C830
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0

                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0748C830
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0

                          APIs
                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0748C910
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: MemoryProcessRead
                          • String ID:
                          • API String ID: 1726664587-0

                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0254E5A6,?,?,?,?,?), ref: 0254E667
                          Memory Dump Source
                          • Source File: 00000005.00000002.1664212316.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2540000_Swift copy.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0

                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0748C686
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0

                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0748C686
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          APIs
                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0748C910
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: MemoryProcessRead
                          • String ID:
                          • API String ID: 1726664587-0
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0748C74E
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0748C74E
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          APIs
                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0748EEBD
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          APIs
                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0748EEBD
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          • Opcode ID: ed08da0ae3fa831437b1cd337029c57df1a4429a941d063e34e2250f8319cd7d
                          • Instruction ID: 1f902757fa6cbb4c82be8d8d6268c20b25b0443e053115dba114fdc2f8be4dbe
                          • Opcode Fuzzy Hash: ed08da0ae3fa831437b1cd337029c57df1a4429a941d063e34e2250f8319cd7d
                          • Instruction Fuzzy Hash: 7D11F5B590035D9FDB20DF9AD444BEEBBF8EB49310F10841AE555A7210C375A944CFA5
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0254C366
                          Memory Dump Source
                          • Source File: 00000005.00000002.1664212316.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2540000_Swift copy.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: f19c19016a06d6be2f34415b1523896773e92e6f7e5862d3049e83bf26acf0ad
                          • Instruction ID: a30f99fd90513958427240bb8055d637ab83b17893ac3b9423ee69a72e85294b
                          • Opcode Fuzzy Hash: f19c19016a06d6be2f34415b1523896773e92e6f7e5862d3049e83bf26acf0ad
                          • Instruction Fuzzy Hash: 9E1102B6D007498FCB20CF9AD444BDEFBF4AB89218F10842AD419A7210C375A545CFA9
                          APIs
                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0748EEBD
                          Memory Dump Source
                          • Source File: 00000005.00000002.1677280689.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7480000_Swift copy.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          • Opcode ID: 1722ac890fd7420f9932ed858c265440cb7a79b7f012af2b23326e7df73d5353
                          • Instruction ID: bee7bb8d959ce14f0f8d1101edf630c90b1938083a466249be7ca54c3b2a1357
                          • Opcode Fuzzy Hash: 1722ac890fd7420f9932ed858c265440cb7a79b7f012af2b23326e7df73d5353
                          • Instruction Fuzzy Hash: DB01D1B29087998EDB61EB98E8457FEBFF0EB55314F14484BC544A6242C3785049CBA1

                          Execution Graph

                          Execution Coverage:1.2%
                          Dynamic/Decrypted Code Coverage:5%
                          Signature Coverage:8.6%
                          Total number of Nodes:139
                          Total number of Limit Nodes:12

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 388 417b63-417b7f 389 417b87-417b8c 388->389 390 417b82 call 42f5a3 388->390 391 417b92-417ba0 call 42fba3 389->391 392 417b8e-417b91 389->392 390->389 395 417bb0-417bc1 call 42e043 391->395 396 417ba2-417bad call 42fe43 391->396 401 417bc3-417bd7 LdrLoadDll 395->401 402 417bda-417bdd 395->402 396->395 401->402
                          APIs
                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417BD5
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Load
                          • String ID:
                          • API String ID: 2234796835-0
                          • Opcode ID: b799f33cdfcceec68cf2461573a55d2e37cccfb65537d172954ac166eadf2d1b
                          • Instruction ID: 122384901a9c5e31b0cbf47cd83ed5cb9323d92cb62f98cf8b450b2778bc3db3
                          • Opcode Fuzzy Hash: b799f33cdfcceec68cf2461573a55d2e37cccfb65537d172954ac166eadf2d1b
                          • Instruction Fuzzy Hash: D60171B1E0420DBBDF10DBE1DC42FDEB3789B14308F4081AAE90897241F639EB588B95

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 414 42c953-42c989 call 404643 call 42db53 NtClose
                          APIs
                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C984
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Close
                          • String ID:
                          • API String ID: 3535843008-0
                          APIs
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          APIs
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          APIs
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          APIs
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0

                          Control-flow Graph

                          APIs
                          • PostThreadMessageW.USER32(UQ63g7r-,00000111,00000000,00000000), ref: 00414427
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID: UQ63g7r-$UQ63g7r-
                          • API String ID: 1836367815-2341035416

                          Control-flow Graph

                          APIs
                          • PostThreadMessageW.USER32(UQ63g7r-,00000111,00000000,00000000), ref: 00414427
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID: UQ63g7r-$UQ63g7r-
                          • API String ID: 1836367815-2341035416

                          Control-flow Graph

                          APIs
                          • PostThreadMessageW.USER32(UQ63g7r-,00000111,00000000,00000000), ref: 00414427
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID: UQ63g7r-$UQ63g7r-
                          • API String ID: 1836367815-2341035416

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 333 417bde-417bdf 334 417be1-417bf3 333->334 335 417c55-417c67 333->335 339 417c2e-417c38 334->339 337 417c68-417c70 335->337 337->339 340 417c72-417c74 337->340 339->335 341 417c3a-417c3b 339->341 340->337 342 417c76-417c7a 340->342 343 417bca-417bd7 LdrLoadDll 341->343 344 417c3d 341->344 345 417c8c-417c98 342->345 346 417c7c-417c82 342->346 347 417bda-417bdd 343->347 344->335 350 417c99-417cae 345->350 348 417cc0-417cc1 346->348 349 417c84 346->349 349->350 351 417c87 349->351 352 417cb0 350->352 353 417d17-417d2b call 42b9b3 350->353 351->345 354 417cb2-417cbe 352->354 355 417d2e-417d3f 352->355 353->355 354->348
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 358 417bf8-417c23 360 417c70 358->360 361 417c25-417c28 358->361 364 417c72-417c74 360->364 365 417c2e-417c38 360->365 362 417be5-417bf3 361->362 363 417c2a 361->363 362->358 370 417bb8-417bc1 363->370 371 417c2c-417c38 363->371 368 417c76-417c7a 364->368 369 417c68-417c6e 364->369 366 417c55-417c67 365->366 367 417c3a-417c3b 365->367 366->369 374 417bca-417bd7 LdrLoadDll 367->374 375 417c3d 367->375 376 417c8c-417c98 368->376 377 417c7c-417c82 368->377 369->360 372 417bc3-417bc9 370->372 373 417bda-417bdd 370->373 371->366 371->367 372->374 374->373 375->366 380 417c99-417cae 376->380 378 417cc0-417cc1 377->378 379 417c84 377->379 379->380 381 417c87 379->381 382 417cb0 380->382 383 417d17-417d2b call 42b9b3 380->383 381->376 384 417cb2-417cbe 382->384 385 417d2e-417d3f 382->385 383->385 384->378
                          APIs
                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417BD5
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Load
                          • String ID:
                          • API String ID: 2234796835-0

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 404 42cc63-42cca1 call 404643 call 42db53 RtlAllocateHeap
                          APIs
                          • RtlAllocateHeap.NTDLL(?,0041E8EB,?,?,00000000,?,0041E8EB,?,?,?), ref: 0042CC9C
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 409 42cca3-42cce1 call 404643 call 42db53 RtlFreeHeap
                          APIs
                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,3777EA40,00000007,00000000,00000004,00000000,004173E4,000000F4), ref: 0042CCDC
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeHeap
                          • String ID:
                          • API String ID: 3298025750-0

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 419 42cce3-42cd1f call 404643 call 42db53 ExitProcess
                          APIs
                          • ExitProcess.KERNEL32(?,00000000,00000000,?,9A0A6B39,?,?,9A0A6B39), ref: 0042CD1A
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2192631142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_400000_Swift copy.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExitProcess
                          • String ID:
                          • API String ID: 621844428-0

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 424 1262c0a-1262c0f 425 1262c11-1262c18 424->425 426 1262c1f-1262c26 LdrInitializeThunk 424->426
                          APIs
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          Strings
                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0129540A, 01295496, 01295519
                          • corrupted critical section, xrefs: 012954C2
                          • Invalid debug info address of this critical section, xrefs: 012954B6
                          • double initialized or corrupted critical section, xrefs: 01295508
                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012954CE
                          • Critical section address, xrefs: 01295425, 012954BC, 01295534
                          • undeleted critical section in freed memory, xrefs: 0129542B
                          • Address of the debug info found in the active list., xrefs: 012954AE, 012954FA
                          • Thread identifier, xrefs: 0129553A
                          • 8, xrefs: 012952E3
                          • Thread is in a state in which it cannot own a critical section, xrefs: 01295543
                          • Critical section address., xrefs: 01295502
                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012954E2
                          • Critical section debug info address, xrefs: 0129541F, 0129552E
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                          • API String ID: 0-2368682639
                          Strings
                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01292506
                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 012925EB
                          • @, xrefs: 0129259B
                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01292498
                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01292412
                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 012924C0
                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01292409
                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01292624
                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0129261F
                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01292602
                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 012922E4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                          • API String ID: 0-4009184096
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                          • API String ID: 0-2515994595
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                          • API String ID: 0-3197712848
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                          • API String ID: 0-1700792311
                          Strings
                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 012A8A3D
                          • VerifierDlls, xrefs: 012A8CBD
                          • AVRF: -*- final list of providers -*- , xrefs: 012A8B8F
                          • HandleTraces, xrefs: 012A8C8F
                          • VerifierDebug, xrefs: 012A8CA5
                          • VerifierFlags, xrefs: 012A8C50
                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 012A8A67
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                          • API String ID: 0-3223716464
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                          • API String ID: 0-1109411897
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                          • API String ID: 0-792281065
                          Strings
                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01279A2A
                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 012799ED
                          • LdrpInitShimEngine, xrefs: 012799F4, 01279A07, 01279A30
                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01279A01
                          • minkernel\ntdll\ldrinit.c, xrefs: 01279A11, 01279A3A
                          • apphelp.dll, xrefs: 01216496
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                          Strings
                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01292178
                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01292180
                          • SXS: %s() passed the empty activation context, xrefs: 01292165
                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 012921BF
                          • RtlGetAssemblyStorageRoot, xrefs: 01292160, 0129219A, 012921BA
                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0129219F
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                          Strings
                          • Loading import redirection DLL: '%wZ', xrefs: 01298170
                          • LdrpInitializeProcess, xrefs: 0125C6C4
                          • minkernel\ntdll\ldrinit.c, xrefs: 0125C6C3
                          • LdrpInitializeImportRedirection, xrefs: 01298177, 012981EB
                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 012981E5
                          • minkernel\ntdll\ldrredirect.c, xrefs: 01298181, 012981F5
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                          APIs
                            • Part of subcall function 01262DF0: LdrInitializeThunk.NTDLL ref: 01262DFA
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01260BA3
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01260BB6
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01260D60
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01260D74
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                          • String ID:
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                          Strings
                          • @, xrefs: 01258591
                          • LdrpInitializeProcess, xrefs: 01258422
                          • minkernel\ntdll\ldrinit.c, xrefs: 01258421
                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0125855E
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                          Strings
                          • SXS: %s() passed the empty activation context, xrefs: 012921DE
                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 012922B6
                          • .Local, xrefs: 012528D8
                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 012921D9, 012922B1
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                          Strings
                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01293437
                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01293456
                          • RtlDeactivateActivationContext, xrefs: 01293425, 01293432, 01293451
                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0129342A
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                          Strings
                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0128106B
                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01281028
                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 012810AE
                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01280FE5
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                          Strings
                          • LdrpDynamicShimModule, xrefs: 0128A998
                          • minkernel\ntdll\ldrinit.c, xrefs: 0128A9A2
                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0128A992
                          • apphelp.dll, xrefs: 01242462
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: $@
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: FilterFullPath$UseFilter$\??\
                          Strings
                          • Failed to allocated memory for shimmed module list, xrefs: 0128A10F
                          • minkernel\ntdll\ldrinit.c, xrefs: 0128A121
                          • LdrpCheckModule, xrefs: 0128A117
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                          Strings
                          • Failed to reallocate the system dirs string !, xrefs: 012982D7
                          • minkernel\ntdll\ldrinit.c, xrefs: 012982E8
                          • LdrpInitializePerUserWindowsDirectory, xrefs: 012982DE
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                          Strings
                          • @, xrefs: 012DC1F1
                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 012DC1C5
                          • PreferredUILanguages, xrefs: 012DC212
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                          Strings
                          • LdrpCheckRedirection, xrefs: 012A488F
                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 012A4888
                          • minkernel\ntdll\ldrredirect.c, xrefs: 012A4899
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                          Strings
                          • Process initialization failed with status 0x%08lx, xrefs: 012A20F3
                          • minkernel\ntdll\ldrinit.c, xrefs: 012A2104
                          • LdrpInitializationFailure, xrefs: 012A20FA
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: #%u
                          Strings
                          • LdrResSearchResource Enter, xrefs: 0122AA13
                          • LdrResSearchResource Exit, xrefs: 0122AA25
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: `$`
                          • API String ID: 0-197956300
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: Legacy$UEFI
                          • API String ID: 2994545307-634100481
                          Similarity
                          • API ID:
                          • String ID: @$MUI
                          • API String ID: 0-17815947
                          Strings
                          • kLsE, xrefs: 01220540
                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0122063D
                          Similarity
                          • API ID:
                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                          • API String ID: 0-2547482624
                          Strings
                          • RtlpResUltimateFallbackInfo Enter, xrefs: 0122A2FB
                          • RtlpResUltimateFallbackInfo Exit, xrefs: 0122A309
                          Similarity
                          • API ID:
                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                          • API String ID: 0-2876891731
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: Cleanup Group$Threadpool!
                          • API String ID: 2994545307-4008356553
                          Similarity
                          • API ID:
                          • String ID: MUI
                          • API String ID: 0-1339004836
                          Similarity
                          • API ID:
                          • String ID: @
                          • API String ID: 0-2766056989
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID: 0-3916222277
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID: 0-3916222277
                          Similarity
                          • API ID:
                          • String ID: GlobalTags
                          • API String ID: 0-1106856819
                          Similarity
                          • API ID:
                          • String ID: .mui
                          • API String ID: 0-1199573805
                          Similarity
                          • API ID:
                          • String ID: EXT-
                          • API String ID: 0-1948896318
                          Similarity
                          • API ID:
                          • String ID: BinaryHash
                          • API String ID: 0-2202222882
                          Similarity
                          • API ID:
                          • String ID: #
                          • API String ID: 0-1885708031
                          Similarity
                          • API ID:
                          • String ID: BinaryName
                          • API String ID: 0-215506332
                          Strings
                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 012A895E
                          Similarity
                          • API ID:
                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                          • API String ID: 0-702105204
                          • Instruction Fuzzy Hash: BE9176B1A31213CBEB24EB58D440B7DBBA2EFD8714F064065EB059B3C0E674D945CB50
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9a7250e6e184fd948b9360c6f286c043ec2e5898c0aab62f0d7e38c17cca0a8a
                          • Instruction ID: cb414bc6e1b45d1931d3dc93d64e07767f0de19e0138ace7f5b93abf1b4e53f5
                          • Opcode Fuzzy Hash: 9a7250e6e184fd948b9360c6f286c043ec2e5898c0aab62f0d7e38c17cca0a8a
                          • Instruction Fuzzy Hash: 2C8193B1A106169FEB18CF69C940ABFBBF9FB48700F04852EE555E7640E734D940CBA4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                          • Instruction ID: 97eff7129d9c84e0688550b4256361c26813aaaa2f2f7084dd92801edc7dc92e
                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                          • Instruction Fuzzy Hash: 0381AF31A2020A9FDF18CF98C899AAEBBF6BF94310F58856DD9169B344D774E911CB40
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ed7e7d1be88a809811ca3f73d9f1b0e39f1b9ff449deadef7bd8a0ac1e805f19
                          • Instruction ID: 5cdb3241fe8b46562cb784d1ba6e5ab715f5f0287634876bfa9abd599b36f59a
                          • Opcode Fuzzy Hash: ed7e7d1be88a809811ca3f73d9f1b0e39f1b9ff449deadef7bd8a0ac1e805f19
                          • Instruction Fuzzy Hash: 7C81AF71A1060AEFDB21CFA9C880AEEFBBAFF48354F11442DE655A7250D730AD45CB60
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 13efb11bf992f33ca87cd0a293397cb0b887cdd5594b181f9da69b9263d252f2
                          • Instruction ID: 10d1ea0d6a1094850f6f2f33aeeb2e120d54ee2063101e5b66e9cd13ad033a41
                          • Opcode Fuzzy Hash: 13efb11bf992f33ca87cd0a293397cb0b887cdd5594b181f9da69b9263d252f2
                          • Instruction Fuzzy Hash: A471D2B5D25226DFCB2ADF68C4517BDBBB9FF98710F14411AE942AB390D3709810CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f184d03fbd8265fff1b5c516dbc3955e806a49b929f5676c388e02626c6134f1
                          • Instruction ID: 490fa1f376fe2e47bd4281cb822a745fa1168be82db7445b15141def029229e2
                          • Opcode Fuzzy Hash: f184d03fbd8265fff1b5c516dbc3955e806a49b929f5676c388e02626c6134f1
                          • Instruction Fuzzy Hash: 2971B2B0920286EFDB20EF99D952AAABBFCEF91300F11415EE700A7658C7B18940CF14
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ba35963e95bdfeac4b7b06a9cd24d34dd7209ab720318c87892fbb9fb6af51bf
                          • Instruction ID: b7490dfa3d85a680632af58d3e1d9f4f3ebbf216c1500071c8d8b92aa28e42bf
                          • Opcode Fuzzy Hash: ba35963e95bdfeac4b7b06a9cd24d34dd7209ab720318c87892fbb9fb6af51bf
                          • Instruction Fuzzy Hash: 6D71DEB1624242CFD316DF28C480B2AB7E5FFC8710F0485AAE999CB356DB74D846CB91
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                          • Instruction ID: 633524432c798941b7ce7479a292f0de9ed71756cb4916987c4f90bc658cc9c8
                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                          • Instruction Fuzzy Hash: A7717E71E2060AAFDB10DFA9C984EEEBBB9FF88300F504569E505E7250DB34EA05CB54
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7e7f828b7400b488afe47e2534c52af307784871905c6680a9f41b72a54170d1
                          • Instruction ID: 808672dd9707b9041e4687ab8ba78fe2b9021338e1e65b16af751523cf89ddbc
                          • Opcode Fuzzy Hash: 7e7f828b7400b488afe47e2534c52af307784871905c6680a9f41b72a54170d1
                          • Instruction Fuzzy Hash: 8D71D372260B02AFE732DF18C885FA6BBB6EB407A0F144818E755872E0D779E944CB50
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3268c8420848ac89adb1904ae2dfff5adb0520d21b20270c4c0b7a2e74824382
                          • Instruction ID: 910409580c47bd9b9e675208222c29987b5c2aac1428ab006308f498b086f235
                          • Opcode Fuzzy Hash: 3268c8420848ac89adb1904ae2dfff5adb0520d21b20270c4c0b7a2e74824382
                          • Instruction Fuzzy Hash: 3B819C72A25326DFDB24DF98D584BADB7F5BB48310F15412DDA00AB285E774DD40CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2e5746ded26bdf7cc0486f4755e5e8246c5ec6a406db1cb726976ff7a713b4e4
                          • Instruction ID: 47e67cb64be1ab523cf7a1e23315f76adb978742fa97cb892ef9f52700141b0f
                          • Opcode Fuzzy Hash: 2e5746ded26bdf7cc0486f4755e5e8246c5ec6a406db1cb726976ff7a713b4e4
                          • Instruction Fuzzy Hash: 91711A71E6020AAFDF16DF94C841FEEFBB9FB04350F104129E615A7290E774AA45CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: feabf2d7159d2ed363a8b979c53dbb84916e399b8d31d823cc862e7d06cef722
                          • Instruction ID: cc1aed88a1ab939b5a936d1700d1fd4cd141df112554774a89c6f9013d056003
                          • Opcode Fuzzy Hash: feabf2d7159d2ed363a8b979c53dbb84916e399b8d31d823cc862e7d06cef722
                          • Instruction Fuzzy Hash: DA51C172524752AFD712DE68C844E6BBBECEBC5750F014929BA80DB250D774ED04CBA2
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d25fa8c34471d1a8126c57745503400023f2303964b9bd57c1849e52ae4f86ec
                          • Instruction ID: 1df1b1e6b417958e07d22472f390833a08e75e6910971f926b18f0d65f5f798e
                          • Opcode Fuzzy Hash: d25fa8c34471d1a8126c57745503400023f2303964b9bd57c1849e52ae4f86ec
                          • Instruction Fuzzy Hash: 87517B70920B059BD731DF5AC884AAAFBF8FF54B10F10871ED396576A0D7B0A545CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2b6fed219c5188b917c53abe4bb9c92561eefb83143186d915b322a0d253a3f9
                          • Instruction ID: 16a7ade61d7dea91d7c0aa0c989ee58319d7cadb978bc1e49add49d28c3bbfc4
                          • Opcode Fuzzy Hash: 2b6fed219c5188b917c53abe4bb9c92561eefb83143186d915b322a0d253a3f9
                          • Instruction Fuzzy Hash: 43514CB1220A06DFCB22EF69C9C0EAAB7FDFF54754F410869EA5197260D734EA40CB50
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 91921ed87792e1afb843effa62f4cb08fc2b34ba3a7829fa711f4af9cd4cc4ed
                          • Instruction ID: a28f613647fb3e2c6c464f730b9462b41f71ac85286b4029dbeb4188f8b48ef2
                          • Opcode Fuzzy Hash: 91921ed87792e1afb843effa62f4cb08fc2b34ba3a7829fa711f4af9cd4cc4ed
                          • Instruction Fuzzy Hash: 7E51AD716283828FD750EF29C891A6BBBE5FFC8608F544A2DF689C7250D730D905CB52
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                          • Instruction ID: b4b22f9349af7984778d39d04c39b06d2c27e0bdd2035a5d224135b772a2eaad
                          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                          • Instruction Fuzzy Hash: EF519F71E1025AAFDF19EF98C440BFEBBB9AF45754F044069EA01AB240D774EE45CBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                          • Instruction ID: 3ba6e0a7cbbbd9b29eb1f06bbb711f5005441b52f1411367c78dc0bddb44d823
                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                          • Instruction Fuzzy Hash: B251DA31D2021BEFDF21DF94C899BAEBB78BF10314F524A55D61267190E7709D42CBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b9172c952e5bcad8e33dd6441db1fff0e1400914c494742bcdfc551e503e5fb9
                          • Instruction ID: 5ecd59976666df1a1285b13cd8ebb5cc792df0baf6fb47f3cad3f9c7eb794029
                          • Opcode Fuzzy Hash: b9172c952e5bcad8e33dd6441db1fff0e1400914c494742bcdfc551e503e5fb9
                          • Instruction Fuzzy Hash: 6A4129707216029BDB29DB2DC99CB7FBBDAEF81220F84461CEA95C7280E770D811C791
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 38380eb24b8210abbb18180c8c9a16afc3706420eb11ef8c96d729ee5d824f23
                          • Instruction ID: ac48e70b6e6b40d1f815448bde7ae008be3268cb885ddbefcb2e20e0da98c79e
                          • Opcode Fuzzy Hash: 38380eb24b8210abbb18180c8c9a16afc3706420eb11ef8c96d729ee5d824f23
                          • Instruction Fuzzy Hash: 13519DB192061ADFCB20DFA9C8809AEBBF9FF48324B904519E605A7304D774AD11CBD0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 495e9832d03f6675b1f6ae9434720780e6a4507b502fa61430059d2505b2544d
                          • Instruction ID: 9adab19fd5c425c5e1c257cc11be9f417082954281fbcb278241d6b76c76b09b
                          • Opcode Fuzzy Hash: 495e9832d03f6675b1f6ae9434720780e6a4507b502fa61430059d2505b2544d
                          • Instruction Fuzzy Hash: 1341FA71A603069FDF65EF6DA8D2FB93BA8EB58708F01012DEE029B245D7B59811C790
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                          • Instruction ID: ec8dfbec4038323a0c751e01392fa3e111916ec53323bb68b42e8368f49d3da3
                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                          • Instruction Fuzzy Hash: 5341E8716247179FDB25CF58C988A7AB7E9FF94210B45462EEA528B340EB30ED18C7D0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 81d9b9eacc77b57855af20bf202f09fa01786f2b1471521485eda1a7aef624ba
                          • Instruction ID: fddda7b42c5ae777e31439b43fe8dece80f78e9977c5b9c2c5c0f5dcd24e8597
                          • Opcode Fuzzy Hash: 81d9b9eacc77b57855af20bf202f09fa01786f2b1471521485eda1a7aef624ba
                          • Instruction Fuzzy Hash: A741893692021AABDB54DF98C880AFEBBB4BF48710F14816AFD15E7340D7759D41CBA8
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b458dd40585d1c050c03a239ee3c909a7d5083a3a833e7b1b59f964cf43698dd
                          • Instruction ID: 4f4c1df24786be9240cc568df4e2c156a794a85973564a79770c94fe8aad3638
                          • Opcode Fuzzy Hash: b458dd40585d1c050c03a239ee3c909a7d5083a3a833e7b1b59f964cf43698dd
                          • Instruction Fuzzy Hash: 7B41B6B1624302DFE729EF28C884A2BB7E9FF88324F014829E657C7751DB75E8448B55
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                          • Instruction ID: fc6fb5bb67327ae2db972e3ac200fa4968eca59b8b5a8f6299caa9e91a1caea5
                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                          • Instruction Fuzzy Hash: 40515C75A10616CFCB15CF5DC580AADF7B2FF84710F2481A9D915AB351D770AE42CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 45d8a90ed8b0debe6f2fe6700e067c435f1b2a8dceadf9b79164f65e4ffdb731
                          • Instruction ID: d989d8639be7faaee0ac0f0b7548653a6bcb2a5fb972d8685c0398fd5bb0a92b
                          • Opcode Fuzzy Hash: 45d8a90ed8b0debe6f2fe6700e067c435f1b2a8dceadf9b79164f65e4ffdb731
                          • Instruction Fuzzy Hash: 7C513BB1921227EBDB25DB68CC01BBCBBB5FF11314F1442A5DA29972C5D774A981CF80
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c2a4df0eb768f3ba1933f2f6264dd42f8479b19923375afc5645d14c778afaaa
                          • Instruction ID: 85c7b88975e6128c62ea5bdace0cabab69575ff736329ec349bd5eae7ce24b6b
                          • Opcode Fuzzy Hash: c2a4df0eb768f3ba1933f2f6264dd42f8479b19923375afc5645d14c778afaaa
                          • Instruction Fuzzy Hash: 2E419171A20229EFDB21DF69C944BEE77B8EF55740F0100A5EA08AB241D774DE80CFA5
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                          • Instruction ID: 117d9cdad3e7cca69c8d9c60335ccdcbcd2aa8891b08c535d913e1881e03dab3
                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                          • Instruction Fuzzy Hash: A941A675B20106AFDF15DF99CC98ABFBBFAAF84600F544069EA84A7341D670DD41CB60
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e360aa7d2d7c97d41a0eb83c2feef0b351e5fb1379830a5427d5fc9f2ff84c2d
                          • Instruction ID: 0e6802b5f559cb314f826abe7e62a15c9b054992016d2a658d6a72cd69a1ec5b
                          • Opcode Fuzzy Hash: e360aa7d2d7c97d41a0eb83c2feef0b351e5fb1379830a5427d5fc9f2ff84c2d
                          • Instruction Fuzzy Hash: E541B3B1620712AFE325CF29C480A2AB7F9FF49714B104A6DE64787A50E770E845CB98
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b761243fa5939485830b47e5b3bd321f4b1bb8a95c0ad2d3e32d1cabdb202007
                          • Instruction ID: 700e5f120cab2f23acabe3d6395d9f13bac2296e8318e6613c83268edc3fb4f3
                          • Opcode Fuzzy Hash: b761243fa5939485830b47e5b3bd321f4b1bb8a95c0ad2d3e32d1cabdb202007
                          • Instruction Fuzzy Hash: B0411172AA5206CFDB29DF68E9847ED7BB4FB18310F090169D512AB3C0DB749904CBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 65051a646fb63c87c6d462f995fd3fcaba8fa7cccc1290d84862e33dcc18f6d0
                          • Instruction ID: fa6d7b53af9644090c83e00825cd2a63ebd481c3bc9eba6c23adbb48e736b847
                          • Opcode Fuzzy Hash: 65051a646fb63c87c6d462f995fd3fcaba8fa7cccc1290d84862e33dcc18f6d0
                          • Instruction Fuzzy Hash: A1411571921212EBD728DF58C880A6EBBF9FB98714F14802ADA019B355D775D846CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 20cbeab7ece2a4f90334ed15ae5bd331aa2ec8611173e3e9adfcb02a22a95140
                          • Instruction ID: d5cfae38544acaffe083b48383cff400fcec08d5629c7fe89a1ca50154685dc1
                          • Opcode Fuzzy Hash: 20cbeab7ece2a4f90334ed15ae5bd331aa2ec8611173e3e9adfcb02a22a95140
                          • Instruction Fuzzy Hash: 92416E325287469FD312DF69C881A6BF7E9EF84B54F40092AFA84D7250E770DE048B93
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          • Instruction Fuzzy Hash: 2F21ACB5221601AFCB25DF29C842B5677F5BF48708F148468E909CB762E775E842CB94
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7559866ee7786bcefccbd804bc458923c3373134c6aa5393b43b22ba5bf51a76
                          • Instruction ID: 5041d0e02072a90ac18198d66f7fde86631cdd8e779b61b753efadc03d53b984
                          • Opcode Fuzzy Hash: 7559866ee7786bcefccbd804bc458923c3373134c6aa5393b43b22ba5bf51a76
                          • Instruction Fuzzy Hash: 441129727A0B12BFE7225659EC01F3BB699DBD5B60F910028F758CB290EBB0DC018795
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1a740a848912d6caac76c72b31f65073279a1a1a0b23582a59f691a2b13402ab
                          • Instruction ID: 4f46649dc0445e6bf43bfb77302cdad7f6bc2ed0457b0f7036790b5f361f96ce
                          • Opcode Fuzzy Hash: 1a740a848912d6caac76c72b31f65073279a1a1a0b23582a59f691a2b13402ab
                          • Instruction Fuzzy Hash: CF21E4B1E10219ABCB24DFAAD8819AEFBF8FF98B10F10012FE505A7254D6749941CB64
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                          • Instruction ID: 4c2c47d57ec103a648e03b2f9d987cd92d0da99509de3b06d744d2e2450a13ed
                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                          • Instruction Fuzzy Hash: 18218E72A2020AEFDF129F98CC80BEEBBB9EF98350F244855F904A7251D774D9508F50
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                          • Instruction ID: 0c93281886dd19e49a3a603837385a21bae96456c245f0b5720f4251e6c35647
                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                          • Instruction Fuzzy Hash: 28110173611606BFE7229F48CC81FAABBB8EB80754F108029FF048B180E671ED44DB65
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e5951bbac842c08ce9bc219c7a9ecbf268a227d2ad9eb3184bcacf592e16482a
                          • Instruction ID: 843f977e6b78652610e1f06463643469dac636ec5a5bdae362b265c5070303ac
                          • Opcode Fuzzy Hash: e5951bbac842c08ce9bc219c7a9ecbf268a227d2ad9eb3184bcacf592e16482a
                          • Instruction Fuzzy Hash: 6A11C876721636ABDB19CF4DC4C096EBBE5EF5A710B14806DEE089F305D6B1D901C790
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                          • Instruction ID: 3277edb6d26b0716e93adfa963f23e564438b372e35c52cd3962e67d72140a2f
                          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                          • Instruction Fuzzy Hash: F2218E71620642DFD775CF4DC582A66FBE6EBA4B10F148A3DEA4997610E770EC01CB80
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1c554a93d8c5664a8791a34ca7dd4f6d867a75e4ff9867249a36b2f4e15594d2
                          • Instruction ID: ce29e0f3345d14026aa937feb11bd81395e56070a704ce50e8896c9d77289cfa
                          • Opcode Fuzzy Hash: 1c554a93d8c5664a8791a34ca7dd4f6d867a75e4ff9867249a36b2f4e15594d2
                          • Instruction Fuzzy Hash: D8213875A10216EFCB14CF98C581AAEBBF5FB88318F244169D205AB391CB71ED16CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 057363119a8b6463757418249387f680a11a74d5fb0f842183eacd395c58ae55
                          • Instruction ID: 6a810086f2f3f3836587b9b1f15bc195be29fb0cd88badf9d0cb5a64bde3172c
                          • Opcode Fuzzy Hash: 057363119a8b6463757418249387f680a11a74d5fb0f842183eacd395c58ae55
                          • Instruction Fuzzy Hash: B5218CB5620A01EFD7648F68C881B66B7F8FF84350F84882DE99AC7650DA71A840CB60
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 32ae2ada0353c2dd89ebefbbe683e1fe89bf81fcb856766c6f68913649e4f5d0
                          • Instruction ID: 7e3b4da88a3985b112528dee445e2e8e823b646d21d0e115838cc751528bdd81
                          • Opcode Fuzzy Hash: 32ae2ada0353c2dd89ebefbbe683e1fe89bf81fcb856766c6f68913649e4f5d0
                          • Instruction Fuzzy Hash: F011A372260915EFD722DF9DC980FDA77A8EF95790F114029F305DB251DA70E905C7A0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 80e5a677a43babda4cbdd96875f5038efb43e6572a449b29d10ee892a729b3bf
                          • Instruction ID: 05c0622b4e482fea5244f1d04d7a7bf35a68f95b95d7f7671545ad45c406ce5d
                          • Opcode Fuzzy Hash: 80e5a677a43babda4cbdd96875f5038efb43e6572a449b29d10ee892a729b3bf
                          • Instruction Fuzzy Hash: 0A116B773211119FCB1DDB29CD82A7B7356EFD5374B254529DA22CB2C1E9709802C790
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a700a866bd2ae603f33edad035d6e1bc6cb67b52c9ea7469e17dc6612ae4e435
                          • Instruction ID: 5870dbb7036a8f8f725cecacf739d1406ccfee0d41f45076bc25de2e900c6b0c
                          • Opcode Fuzzy Hash: a700a866bd2ae603f33edad035d6e1bc6cb67b52c9ea7469e17dc6612ae4e435
                          • Instruction Fuzzy Hash: C711CEB6A21206DFCB69CF99C5C0A6ABBF8EF84710F454079DE059B314E674DD00CBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                          • Instruction ID: 0eeb433e41b015e3de76a200c8e0bd962ca63102d96dfa38ac32e8a306019524
                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                          • Instruction Fuzzy Hash: ED110436A2090AAFDB19CB58C805BADBBF5FF84210F058269E84597340E671AE51CB80
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                          • Instruction ID: 10fc71a54cb9e2a5c739a0630bbd8cddfe0870fda859b0a210b202fe0f3b629f
                          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                          • Instruction Fuzzy Hash: 5021F4B5A00B059FD3A0CF29C481B56BBF4FB48B10F10492AE98AC7B40E371E854CB94
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                          • Instruction ID: 1abfb0f9ebb5a3efafe22abf4d42c2a7ac38dd8a885772fbbc4f7ac2d0bf0e8b
                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                          • Instruction Fuzzy Hash: AB11C671620602EFEB219F48CC40B6A7BE6EF55754F468428EA099B170D771DD42DBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b2b56772a133c1e4bdd024fde99650db632bf577d5f644ad4a70000fe72bfebe
                          • Instruction ID: 3ab6f9d5780295abba5fa8d0d2dab7f8d7c2a877ec88476d6a4186e94683871e
                          • Opcode Fuzzy Hash: b2b56772a133c1e4bdd024fde99650db632bf577d5f644ad4a70000fe72bfebe
                          • Instruction Fuzzy Hash: 9201D671636646ABF31AA66EE889F3B7B9CFF80394F050065FA00CB291D964DC00C271
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 52c60d72e141e1c0349da38ec323b33c3d554599a090b1e210423c09a2e6d6a2
                          • Instruction ID: b8e4cedf29112613ea89bf2309433b79eb8b5af8070353eb15fc2815bd577aba
                          • Opcode Fuzzy Hash: 52c60d72e141e1c0349da38ec323b33c3d554599a090b1e210423c09a2e6d6a2
                          • Instruction Fuzzy Hash: 7111E5763606A6FFDB29EF59D840F5A7BA8EB85764F004519FA288B250C770F840CF60
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 587a0720be054e13957276eeb1b4bcaab236cd31806e819d3ad9eb669e00ed98
                          • Instruction ID: 969a44243639693e681b42ad8fb40198ed9aff5eb4046be2919e69c8ff4f7dfe
                          • Opcode Fuzzy Hash: 587a0720be054e13957276eeb1b4bcaab236cd31806e819d3ad9eb669e00ed98
                          • Instruction Fuzzy Hash: 4111293262064A9FD722EA29D844F27F7A5FFC4710F14443DEB46C7251EAB0E802CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 381ae8bb5a23204c0fa769c4d3262cf7fe40202ab10bac3be9b017337e7e5aaa
                          • Instruction ID: 68c22260e7645b6576b65b0f3ba6ab7a7ff9617818e42e45f06875479b7fe99d
                          • Opcode Fuzzy Hash: 381ae8bb5a23204c0fa769c4d3262cf7fe40202ab10bac3be9b017337e7e5aaa
                          • Instruction Fuzzy Hash: CD11C272A10616AFDB21DF59C9C0B6EFBB8EF88740F900458EE01A7200D738AD41CB60
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cb4570e76d6b8c48dd2d97341ed180fc752a3e19085092e420dca749d289b818
                          • Instruction ID: 84cc91d5d0aac8d3e6a486e80450e0eb2dc7d7c6faf34a716fb3c14ff655519e
                          • Opcode Fuzzy Hash: cb4570e76d6b8c48dd2d97341ed180fc752a3e19085092e420dca749d289b818
                          • Instruction Fuzzy Hash: D801247151010AAFD729DF18D404F26BBFDFBC6318F22816AE1058B264D7B4EC42CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                          • Instruction ID: 999d191851d42a5e5c885db9c06cfc8e3edb8bc2654fba37a4bbf61c04de6ffe
                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                          • Instruction Fuzzy Hash: 3F1182722326C79BF726A72CEA58B257B94FB41754F1A00A0DF41C7692F76CD942C290
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                          • Instruction ID: cdfd02d19f7c801de07143020c4d79ed80d40848321bedd41f6b6af2a9937200
                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                          • Instruction Fuzzy Hash: 1C01D232620206AFFB299F58CC41F6A7EA9EB80750F468424EB059B260E771DD42CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                          • Instruction ID: ac014fdc2fe0dccb1084e1befcac5981899a20a2b0461c4f7dc759fce00436b7
                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                          • Instruction Fuzzy Hash: E60126714267669BCB31CF19DC40AB27BE4FF65760B00852DFE958B285C331D400CB60
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1bdb2d47211e8122fd21036b022222299bc1a50c668e693852451c98ef81b1b9
                          • Instruction ID: 744f98451abea9a0a5714acd3f97ae9e73609aeddd41f64ba4d222a7a806d860
                          • Opcode Fuzzy Hash: 1bdb2d47211e8122fd21036b022222299bc1a50c668e693852451c98ef81b1b9
                          • Instruction Fuzzy Hash: EF0104726611429BC322EF1CD800E23F7A8EB81370F154229EB689B292E670D801CB80
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ac54b2900d85afbde36f9a91dd2f14f9d07acc4c350a77697ec5435d6e76d557
                          • Instruction ID: 36f0a4bc255d7301405b8b017cfabd625fbe157eba0e13936ac9de2e18603181
                          • Opcode Fuzzy Hash: ac54b2900d85afbde36f9a91dd2f14f9d07acc4c350a77697ec5435d6e76d557
                          • Instruction Fuzzy Hash: 7411ED32261241EFCB15EF19CD80F26BBB8FF58B44F2000A5EA058B6A1C275ED00CA90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0862cd53e782b57db5b78b8a519824cadd7e456f21f78d938719ff75a1102a61
                          • Instruction ID: e292ed09ef616895af373086106b1c0589064e395d3e1b809421cb2aa0633a8e
                          • Opcode Fuzzy Hash: 0862cd53e782b57db5b78b8a519824cadd7e456f21f78d938719ff75a1102a61
                          • Instruction Fuzzy Hash: 00115A71551229ABEB25EB64CD42FE9B278EB14710F504194A718A61E0EA709E85CF84
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b0a67ee5269500de50dc4323e1bbc66023b58365c06072cbdf778eb25f2d5553
                          • Instruction ID: 7d41c03a02f9a90baeb46ecc615b39dc0fb1235add43036699b801968d8aff9a
                          • Opcode Fuzzy Hash: b0a67ee5269500de50dc4323e1bbc66023b58365c06072cbdf778eb25f2d5553
                          • Instruction Fuzzy Hash: 141117B2900119ABCB11DB94CC84DEFBB7CEF48358F044166AA06A7211EA34EA55CBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                          • Instruction ID: 2427d04efc3808dd13a2f6b8c8728ca1f6486bce8a6a66eee752a6613fc7b3a1
                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                          • Instruction Fuzzy Hash: 22014532220122DBEF118A58D880B6B7766FFE4600F1540A9EE008F246DAB68C80C390
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 26eb6089a363fb867ec1c2ff2323d7b2880140cd25d4c9dffda177dae09c9591
                          • Instruction ID: d7690d4b4cf584d634a3d81190ae63704c822aef6f23c46d0eeff8527e34b8c0
                          • Opcode Fuzzy Hash: 26eb6089a363fb867ec1c2ff2323d7b2880140cd25d4c9dffda177dae09c9591
                          • Instruction Fuzzy Hash: 6D11C4726541469FD711CF58E840BE6BBB9FB9A354F088159E948CB315D732EC81CBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d6e424f70f5a54db2c7f84568589363232cf3df3c98c73b19e938f592092606c
                          • Instruction ID: 5a2d5c0893eed1225797d5e25559b5156a9f758a4dee8796bf15a770fd23a37c
                          • Opcode Fuzzy Hash: d6e424f70f5a54db2c7f84568589363232cf3df3c98c73b19e938f592092606c
                          • Instruction Fuzzy Hash: AA1118B1E10209DFCB00DFA9D541AAEBBF8FF58350F10406AA905E7351D674EA018BA4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: f6d76f42c8be5f5020c75405cbf12473d556877927ac695e47c39241a0409616
                          • Instruction ID: b5405a724d59b1296238e2cf3bbaa00e04505188eeb429bfd1232ee77fe2b67e
                          • Opcode Fuzzy Hash: f6d76f42c8be5f5020c75405cbf12473d556877927ac695e47c39241a0409616
                          • Instruction Fuzzy Hash: 4001A2B1290702AFD3355B19D841F22BEA8EF55F64F05442EB3069F390D6B1E8418B64
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 71ca7c2b5f6c1a17351b36a8f6880767439c9ca8677ae3ac77969de8f3e7ef18
                          • Instruction ID: 1686663c0a4e5e37d79aa652cc7f0d10caf24004e0fd64fa96b1fe18b14372f9
                          • Opcode Fuzzy Hash: 71ca7c2b5f6c1a17351b36a8f6880767439c9ca8677ae3ac77969de8f3e7ef18
                          • Instruction Fuzzy Hash: 5AF0F432661A21B7C735DB5A9D40F1BBAA9EBC4A90F048029F60597600DA30ED01CBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                          • Instruction ID: 6992a967b5157305a51ebc0f8190f63a1a6150f39dd9b0def2378add378c4893
                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                          • Instruction Fuzzy Hash: A3F062B2601615ABD328CF4DDC40E67FBEEDBD5A90F058129A659D7220EA31DD05CB90
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                          • Instruction ID: f3775989d18ba6ad43fdb6c4a99bf8ee5157b44337d08b82a3081e9cc6d75684
                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                          • Instruction Fuzzy Hash: 9BF04C372A46339BD732D7594840B3BA9D58FF1A60F190035E3059B608C9B08D1253D0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4434f99ca3a17b2b490b3e39a9247da9a41f641adb92ba14d7d8eb04ec7bb6f0
                          • Instruction ID: c67c3394ad5ddaf9ffb3666a06ec082a4afb3d766908807c1772bf2f5da12c86
                          • Opcode Fuzzy Hash: 4434f99ca3a17b2b490b3e39a9247da9a41f641adb92ba14d7d8eb04ec7bb6f0
                          • Instruction Fuzzy Hash: F4014475A2024DEFDB04DFA9D5519AEF7F8FF58704F10406AFA04E7390D6749A018BA4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e979d6ed2026de8f98aca1d95ad119515c3ea62b25bacf7896f51087c6f20964
                          • Instruction ID: c8eeb8e5842a0e342126cd2760d181873bc33798e9d2afacf8d56aa883c545c9
                          • Opcode Fuzzy Hash: e979d6ed2026de8f98aca1d95ad119515c3ea62b25bacf7896f51087c6f20964
                          • Instruction Fuzzy Hash: 27012175A2024AABDB04DFA9D4519AEB7F8FF58304F10406AFA04E7391D6749A018BA4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 862d355de6eb433644f5ecb5ae1a7da7a751647c0c878c0155733d47f2d4bf22
                          • Instruction ID: 33a66048d359537be3c2e942dec618701a1fa9bb43b3e64c6ee1b81bc0caf3e0
                          • Opcode Fuzzy Hash: 862d355de6eb433644f5ecb5ae1a7da7a751647c0c878c0155733d47f2d4bf22
                          • Instruction Fuzzy Hash: 30012171A10249ABDB04DFA9D4459AEB7F8FF58704F50406AEA14E7390D6749A018BA4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                          • Instruction ID: 4b075a6489eb7371dfdb6f9d4180a5e1144cf780b5db0f2b929818f3d7ff8d7e
                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                          • Instruction Fuzzy Hash: C401D63122068A9BD7269A1DD849B59BF9CFF42750F0C4065FF048B691E679C910C250
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 48245ced66c8a9b4f5cab25100b8a70971882f06f01474562eb2a8ea859b4bd1
                          • Instruction ID: a4599e7d93413c2c96704f0a484677c4fb62391cdb4771035ffa3f7f88b22b5b
                          • Opcode Fuzzy Hash: 48245ced66c8a9b4f5cab25100b8a70971882f06f01474562eb2a8ea859b4bd1
                          • Instruction Fuzzy Hash: 86014F71A202499BDB04DFA9D445AEEFBF8FF58314F14406AE505E7380D774EA01CB94
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ae019640a6349f25fddcefac52a57c7757b646d041d0fb3766683bc9c6b806c5
                          • Instruction ID: 6fe7d83c3ee6433887d0b2c1cbe60fdf3a8193f4b8e0619b2d16ce13a6a15c60
                          • Opcode Fuzzy Hash: ae019640a6349f25fddcefac52a57c7757b646d041d0fb3766683bc9c6b806c5
                          • Instruction Fuzzy Hash: A5014536520259ABCF229F84D840EDA7F6AFF4C764F068115FE1966220C736D971EB81
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 84cc7f0f486489ab18318667d04f76d190f484f7ac6d160796c1b0df873600ce
                          • Instruction ID: 5993e1216baabae12c8900dc8e34d294f7ed6880d01214e7a3473ca232549d6e
                          • Opcode Fuzzy Hash: 84cc7f0f486489ab18318667d04f76d190f484f7ac6d160796c1b0df873600ce
                          • Instruction Fuzzy Hash: 7FF024752E42425BF714D6298D02F3332D6E7E0660F65802AEB058F2D9EA71DC1183A4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5e6229c33d5e48ff9da87413422fbfc596315feb850510c6fa7d04862b201542
                          • Instruction ID: 0ac2764f458300f5226b3faa62e62ec9e9ed4d5a1ec54fa6010bfe1c9266c26b
                          • Opcode Fuzzy Hash: 5e6229c33d5e48ff9da87413422fbfc596315feb850510c6fa7d04862b201542
                          • Instruction Fuzzy Hash: A401A4706706C69BE772AB3CDD98B3537A8BB81B48F980190BF01CB6D6D778D402C214
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                          • Instruction ID: db479e8c85e9ebdf1b64cfb19ff89a97c553ecf132d29ae8f6418c08cd7767be
                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                          • Instruction Fuzzy Hash: DAF0B431371D9347E776BB2E8830B3BAA559FD0D00B26072C97458B680DF60DC408790
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                          • Instruction ID: 019b10185463538e33a6409ca5c61677040fc98d3d51e423ead5ac3b88fa0ec7
                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                          • Instruction Fuzzy Hash: C8F05E727316129FE3219A4ECC80F16B7A8AFD5B60F9B0465A7049B270C764EC0287D0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9dd3c991dcc51ec0f14381b3d3200b81d44810e780d19276e05baa676bfcd07d
                          • Instruction ID: 0a060d0c19883653524b372de3e8396d4f0f3a48a35dbf5ade79c789b49148da
                          • Opcode Fuzzy Hash: 9dd3c991dcc51ec0f14381b3d3200b81d44810e780d19276e05baa676bfcd07d
                          • Instruction Fuzzy Hash: 6AF0C8706253449FC310EF28C445A2BB7E4FF98710F40465AB898DB3D4E634E910CB56
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                          • Instruction ID: fc01329c145273776d27fa5a9f36a57a36d7e7d2392ea523720cd05b1fc0d5e4
                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                          • Instruction Fuzzy Hash: 94F0E972620205AFE714DF26CC45F56B7E9EFA8350F148078AA45D7164FAB0ED41C658
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4f1b32105d95ddd1014b5e50d92c4d08b8914f69f7b03090e0799d640143bbce
                          • Instruction ID: dc42035f9ebf3f024e3f8e44b64075ba58a972c5e4d2601fb67bfe2af0014a9d
                          • Opcode Fuzzy Hash: 4f1b32105d95ddd1014b5e50d92c4d08b8914f69f7b03090e0799d640143bbce
                          • Instruction Fuzzy Hash: 4AF059330206486BD7366B2CEC44BDABB6DFBD8715F890015FA4427125C7346C81C7C0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aa257ccae3b5df3b646ee731cc2c92317247761b795ac203a1c7b85320de046b
                          • Instruction ID: 08f607a86c4bdd58b1d8c7f11dae3fcfc38fc77c86d1bacdadc58b5a9c1ee9d7
                          • Opcode Fuzzy Hash: aa257ccae3b5df3b646ee731cc2c92317247761b795ac203a1c7b85320de046b
                          • Instruction Fuzzy Hash: D6F0C270A2024EDFCB04EF69C515AAEB7B8FF18300F008055B945EB385DA38EA01CB50
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3915409eba13ad43f505e39bcae3fe04063480bce7cabe564a4b50289845e1e1
                          • Instruction ID: 132e732412838bc369862e2d3199b7be5119809314cdf15097316a56eb2386eb
                          • Opcode Fuzzy Hash: 3915409eba13ad43f505e39bcae3fe04063480bce7cabe564a4b50289845e1e1
                          • Instruction Fuzzy Hash: F4F0BB319356F2BFD732FB5CC844B697FD49B00628F05496ADB458B542C7E4D840C653
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6b310402c34a4b58be0eab58ba081d4159eecce42ab94306240145aaead4a516
                          • Instruction ID: afeac2e0546a72782cc40b10222c98dd12028dcecb052dc516a62534c69e69e2
                          • Opcode Fuzzy Hash: 6b310402c34a4b58be0eab58ba081d4159eecce42ab94306240145aaead4a516
                          • Instruction Fuzzy Hash: E3F027A65396820BCF325B6CB4593E13BA9A742220F4A1489E5A15F209C5F4D483C328
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8e7e3a6e7e38c48743c9bcba95b503a3e5dbfd5070c19ea8b97ef57393b2a912
                          • Instruction ID: c1f40ce8eb528912bb7cfbb55c2dc3c1e5f094a0ad4a23cdf595c8c1971d41fe
                          • Opcode Fuzzy Hash: 8e7e3a6e7e38c48743c9bcba95b503a3e5dbfd5070c19ea8b97ef57393b2a912
                          • Instruction Fuzzy Hash: 34F059758313429FD3A2971CC1C4B2177DC9BC0B60F089425CE1183202E3B0E960C670
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                          • Instruction ID: 063c0800fc4abca9ef6fa3fe27620026e2b6409a3ec76ed81b2480187d391717
                          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                          • Instruction Fuzzy Hash: 0CE0D8723106016FE7119E598CC0F67776EDFD2B10F040079B6045F291C9E2DC4983A4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                          • Instruction ID: ffb372e40ea75583a70faf900b16546c1e0db881a5a26d5a509f750c6cb04d9a
                          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                          • Instruction Fuzzy Hash: 40F030721242049FE3218F0AD984FA2B7F8FB453A4F45C425E7099B561D379EC40CBA4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: f62f78dcc716b2451de4a46a05521a2281b6592cdb10c2480c1b5edd9121096c
                          • Instruction ID: 81f14b773e1e66ad8b0b889fe0146c1adfc81c5e5a3248f9c6440a72c1e71649
                          • Opcode Fuzzy Hash: f62f78dcc716b2451de4a46a05521a2281b6592cdb10c2480c1b5edd9121096c
                          • Instruction Fuzzy Hash: E2E09272110594ABC321FB29DD01FAA779AEBA0360F114615F11557190CA74A950C784
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                          • Instruction ID: 289327c4573db2b4d3d3fe3b50418cb5c086a9a1fd99fd0e6dd27e636cf91939
                          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                          • Instruction Fuzzy Hash: DCE01231030652DFE7366F2AD948F627BE5FF50711F158C2DE196124B0D77598D1DA40
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                          • Instruction ID: 871c90c4b275af10c8c2cb8221f3ea5ed28f33eb5317f9c9cc72f1bdf39dda79
                          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                          • Instruction Fuzzy Hash: 62E0C2343503468FE719DF19C040B627BB6BFD5B10F68C068AA488F205EB72E842DB40
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 65adf58673091b11454fe8a00a30a050b6358fb839ae22aeefa7e9db6246a1b4
                          • Instruction ID: 30f6b138b3099299e6b4d96cb465ab0778adaebf3e209d7c95e01906e5b2498f
                          • Opcode Fuzzy Hash: 65adf58673091b11454fe8a00a30a050b6358fb839ae22aeefa7e9db6246a1b4
                          • Instruction Fuzzy Hash: 23D0C2328A11216ACBA6E9187C44FE33E5D9B50220F014860FA0892010E574CC9182D4
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                          • Instruction ID: ed29535b9b47d73796e1edddbf82bcf8adb5a9a06eaeca5ef3a1df0b0bff7ecd
                          • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                          • Instruction Fuzzy Hash: EDE0C231030A52EFDB33AF15DC40FA276E9FFA4B10F204829E181164A887B4ACC1CB44
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4391e153f425ed2c14bec4ea825b3df1214a266c8c1b91fd51456ca29f48bc07
                          • Instruction ID: ec8445ba21c4be2199eead8c7f5ad1840b47b0f3c6dd2d7c3a3ef00cd1567083
                          • Opcode Fuzzy Hash: 4391e153f425ed2c14bec4ea825b3df1214a266c8c1b91fd51456ca29f48bc07
                          • Instruction Fuzzy Hash: 27E0C2732104A0ABC321FB5DDD01F6E739EEFA4370F010221F15187290CA64AD00C794
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                          • Instruction ID: f54e5a705975cbe2b87e4d0bb472809c7d414b363b654a4578e0a60bb24ac5e9
                          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                          • Instruction Fuzzy Hash: A8E08633121A1487C728DE18D552B7277A4EF45720F09463EAA5347780C574E544C794
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                          • Instruction ID: af9553076d7d6d1656f4dab154a4c0b658a4a66ce3e139e50006ce6351bf2e51
                          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                          • Instruction Fuzzy Hash: C2D05E36521A50AFD3329F1BEA00C13BBF9FBC4A107050A2EE54583920C670AC06CBA0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                          • Instruction ID: 96cfd10869aa956620245f871bf2b60cb73ecbb4c5df8206e05a4d48e1d46567
                          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                          • Instruction Fuzzy Hash: A7D0A932624620ABDB32AA1CFC00FD333E8BB88720F060899F008C7050C364AC81CA84
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                          • Instruction ID: 3eb970513e1994c348da4b6c4458e1b0b74619df6ba6ba9564b74925fcae81d7
                          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                          • Instruction Fuzzy Hash: 5CE0EC75960685ABDF12DF5DC640F5EBBB5BB94B40F160454E1485B660C664AD00CB40
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                          • Instruction ID: 50f304a8eddb0f94239814568eac928361a353f7b9182b4395787dc9720a89f2
                          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                          • Instruction Fuzzy Hash: 0DD022322330B193CB28D6556900F636945ABD0A90F0A002C750AA3804C0088C42C2E0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                          • Instruction ID: 1eba3e0dbba1cf18d6c45347b3c8082ce359d79ca88b7523dfbfcc5e46c74609
                          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                          • Instruction Fuzzy Hash: F3D012771E054DBBCB11DF66DC01FA57BA9E7A4BA0F444420F504875A0C63AE950D684
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 06251c867e8f187b01a9710cab417e404f1e705a06c97f6a01add3c5d9f4c6ee
                          • Instruction ID: e8034a5b679267e43074aee97e97b05d418beb7fcbd126fea643cc6226932aef
                          • Opcode Fuzzy Hash: 06251c867e8f187b01a9710cab417e404f1e705a06c97f6a01add3c5d9f4c6ee
                          • Instruction Fuzzy Hash: 40D052316722068BDF2ACF48CA51A3A3AB8EF20A41B440068EB00A2020E328E8118A00
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                          • Instruction ID: e8b1c09d1660b76bca89eeb3b9aeaab0014fe7d131ed9a626c718b78500f6768
                          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                          • Instruction Fuzzy Hash: 4AD0C975222E81CFD61BCB1DC5A4F1533A8BB84B44F810490F501CBB62D66CD940CB14
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                          • Instruction ID: 0889fae44eb1d344a825947ad9d9860128118490462164fa7ef224684ece9b92
                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                          • Instruction Fuzzy Hash: B5C012322A0648AFC712EA99CD01F127BA9EBA8B40F000421F2048B670C635E920EA84
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                          • Instruction ID: c01a5b7332b2c9573478b231d916aed94b05ecbecb963dba8e323c00739cdbb5
                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                          • Instruction Fuzzy Hash: A8D01236110248EFCB05DF41C890DAA7B2AFBD8710F108019FD19076108A71ED62DA50
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                          • Instruction ID: f099d67f9a27a2efbe62d1ef045de3ed443eaa4d3b435dd76bb2dd324d9c9022
                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                          • Instruction Fuzzy Hash: 14C04C797215468FCF15DB19D294F5677E4F744750F1508D0E905CB721E624E901CA10
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 376b17c3499ef1b99f30c5ea251bf7635a5155134d0da489473c4b1d8712d83f
                          • Instruction ID: 03d65e55d4b72c474161b7b0d422ed404d806ded4e41e2aa99fc1b97cb8cfd91
                          • Opcode Fuzzy Hash: 376b17c3499ef1b99f30c5ea251bf7635a5155134d0da489473c4b1d8712d83f
                          • Instruction Fuzzy Hash: B8900231616800129240715848885474005A7E0301B55C021E1424554CCA248A565361
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 12738f8df6d84e02f496f2f8e1317938d2b903e2109719cbcbdef6199c1034f3
                          • Instruction ID: f4029e59fccbb3544bcc4013e520144fd6a7bf647ed2ff1fe142b326d89eb09d
                          • Opcode Fuzzy Hash: 12738f8df6d84e02f496f2f8e1317938d2b903e2109719cbcbdef6199c1034f3
                          • Instruction Fuzzy Hash: 1D900261612500424240715848084076005A7E1301395C125A1554560CC62889559369
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 352767a28905c9e379ec1acef23ac90e2248d216ba973191e5d250c4bfa296fa
                          • Instruction ID: 5a4e8fb47f39797281f112706b6ef14719b814631a8232ddcb45caee3b718550
                          • Opcode Fuzzy Hash: 352767a28905c9e379ec1acef23ac90e2248d216ba973191e5d250c4bfa296fa
                          • Instruction Fuzzy Hash: F690023161640802D25071584418747000597D0301F55C021A1024654DC7658B5577A1
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 55dda763c70c8e039ee361c13d682f33babcee819f0aef40662511160c5b0384
                          • Instruction ID: c150dbc45cddb36c214a13ddf63fe485d5e107338b5da83bc5dc2048182f1724
                          • Opcode Fuzzy Hash: 55dda763c70c8e039ee361c13d682f33babcee819f0aef40662511160c5b0384
                          • Instruction Fuzzy Hash: BC90023121240802D20471584808687000597D0301F55C021A7024655ED67589917231
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1982983e3cbadba8e4303c3c6119e5e338831e860e9938593049a9c65cee0b00
                          • Instruction ID: 696d4b37193e30e33ebc69b7ac0daaa4824da8917ca3391d3d92603547505602
                          • Opcode Fuzzy Hash: 1982983e3cbadba8e4303c3c6119e5e338831e860e9938593049a9c65cee0b00
                          • Instruction Fuzzy Hash: 6E90023121644842D24071584408A47001597D0305F55C021A1064694DD6358E55B761
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ec6d7007ddeef07c5e3c1c8bdb1f5fda18a9d00e41c215db98b10420eb0bb0dc
                          • Instruction ID: eb306b89aada229da58d6d6718de0a80c0cf5986c884302315a22df636c33b2d
                          • Opcode Fuzzy Hash: ec6d7007ddeef07c5e3c1c8bdb1f5fda18a9d00e41c215db98b10420eb0bb0dc
                          • Instruction Fuzzy Hash: 3790023121240802D2807158440864B000597D1301F95C025A1025654DCA258B5977A1
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4a931cb8926801b853cc0915c7c9c39ed942837e40b45139a9a2174fc97760ad
                          • Instruction ID: 67d1ae6e2ca5e0aade1cc87c0c5d55edbe31fc77245e1cf70642ac7f2ba16582
                          • Opcode Fuzzy Hash: 4a931cb8926801b853cc0915c7c9c39ed942837e40b45139a9a2174fc97760ad
                          • Instruction Fuzzy Hash: BB9002A1212540924600B2588408B0B450597E0201B55C026E2054560CC53589519235
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 706ec87bb68d8a59f6952733cd84cf8b604d75e298ccf390fd39c54900112cbf
                          • Instruction ID: b9f3b03001f47b807475e1548f8ae1d25a25149531930aa2b445ab7281f3c8e9
                          • Opcode Fuzzy Hash: 706ec87bb68d8a59f6952733cd84cf8b604d75e298ccf390fd39c54900112cbf
                          • Instruction Fuzzy Hash: 81900225232400020245B558060850B0445A7D6351395C025F2416590CC63189655321
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3861fd79130a8767a33f3ee6e4a60117704f0ae4b749f4c3fad3def4efb881d0
                          • Instruction ID: 08aa7991bd517d16b6ea3c6243f8884bf0f5fe5fe67559278925964e73ede826
                          • Opcode Fuzzy Hash: 3861fd79130a8767a33f3ee6e4a60117704f0ae4b749f4c3fad3def4efb881d0
                          • Instruction Fuzzy Hash: 51900435333400030305F55C070C5070047D7D5351355C031F3015550CD731CD715331
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 10c189a7e4bafd2ca4f720ba90778e44e3c6f42947e141a220a0c914b90f6f75
                          • Instruction ID: 612b82226336d346b10522c58ff56f6a94a37261134e6e1054b72b3c43997862
                          • Opcode Fuzzy Hash: 10c189a7e4bafd2ca4f720ba90778e44e3c6f42947e141a220a0c914b90f6f75
                          • Instruction Fuzzy Hash: 7990022131240003D2407158541C6074005E7E1301F55D021E1414554CD92589565322
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0584455118de26b6766d7387327287b82731fc568b356e8e6a9ff7a4175bed76
                          • Instruction ID: cef821ac5ad9e23426a111bcfe9c6074f03dc228628b38a09f93b12ab97afce5
                          • Opcode Fuzzy Hash: 0584455118de26b6766d7387327287b82731fc568b356e8e6a9ff7a4175bed76
                          • Instruction Fuzzy Hash: 4190022121644442D2007558540CA07000597D0205F55D021A2064595DC6358951A231
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f3f6030fe9ce9d35ba2452bf73a7442267fc73f09157b6ef640f9d6b05dabec9
                          • Instruction ID: cacefd3da9236fb71126cdfd66aba57dec6db2d770ecf36bb5dd698618ab061e
                          • Opcode Fuzzy Hash: f3f6030fe9ce9d35ba2452bf73a7442267fc73f09157b6ef640f9d6b05dabec9
                          • Instruction Fuzzy Hash: 2090022922340002D2807158540C60B000597D1202F95D425A1015558CC92589695321
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                          • API String ID: 48624451-2108815105
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                          • API String ID: 48624451-2108815105
                          Strings
                          • Execute=1, xrefs: 01294713
                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01294725
                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01294655
                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01294742
                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01294787
                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 012946FC
                          • ExecuteOptions, xrefs: 012946A0
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                          • API String ID: 0-484625025
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: __aulldvrm
                          • String ID: +$-$0$0
                          • API String ID: 1302938615-699404926
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: %%%u$[$]:%u
                          • API String ID: 48624451-2819853543
                          Strings
                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012902BD
                          • RTL: Re-Waiting, xrefs: 0129031E
                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012902E7
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                          • API String ID: 0-2474120054
                          Strings
                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01297B7F
                          • RTL: Re-Waiting, xrefs: 01297BAC
                          • RTL: Resource at %p, xrefs: 01297B8E
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                          • API String ID: 0-871070163
                          APIs
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0129728C
                          Strings
                          • RTL: Re-Waiting, xrefs: 012972C1
                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01297294
                          • RTL: Resource at %p, xrefs: 012972A3
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                          • API String ID: 885266447-605551621
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: %%%u$]:%u
                          • API String ID: 48624451-3050659472
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: __aulldvrm
                          • String ID: +$-
                          • API String ID: 1302938615-2137968064
                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                          • Instruction ID: 5bf33b978ce3a227ad70af083d1dcc32650266b09832bbf73441c8a142182149
                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                          • Instruction Fuzzy Hash: 6D91D470E202079BEB24DF6DE881ABEBBADFF44728F14451AEA55E72C0D77489C08751
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID:
                          • String ID: $$@
                          • API String ID: 0-1194432280
                          • Opcode ID: 2bababc836590b36ccd5fd6951a13c324412a471f820fb47c2e9d215be95b938
                          • Instruction ID: c0cef3585181f71a7888bf11d2aa997eec5b0951db07b824c0194a45bf634234
                          • Opcode Fuzzy Hash: 2bababc836590b36ccd5fd6951a13c324412a471f820fb47c2e9d215be95b938
                          • Instruction Fuzzy Hash: 85812971D1127ADBDB259B54CC45BEEB6B8AF48714F0041EAEA09B7280D7709E84CFA0
                          APIs
                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 012ACFBD
                          Strings
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2194952985.00000000011F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011F0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_11f0000_Swift copy.jbxd
                          Similarity
                          • API ID: CallFilterFunc@8
                          • String ID: @$@4rw@4rw
                          • API String ID: 4062629308-2979693914
                          • Opcode ID: fd8e5db6eff75fbb516b2bc155d771a81fffda1b352dd691a7b78f78cebf885f
                          • Instruction ID: e6326007c697498a99b7bdf7b44232cb3ced9a238a46d4be32ea954aad6e1a4b
                          • Opcode Fuzzy Hash: fd8e5db6eff75fbb516b2bc155d771a81fffda1b352dd691a7b78f78cebf885f
                          • Instruction Fuzzy Hash: D941AEB5960219DFDB21DFE9C840ABEBBB8FF54B14F00842AEA05EB254D774D901CB61

                          Execution Graph

                          Execution Coverage:1.5%
                          Dynamic/Decrypted Code Coverage:6.2%
                          Signature Coverage:0%
                          Total number of Nodes:289
                          Total number of Limit Nodes:43

                          Control-flow Graph

                          APIs
                          • NtCreateFile.NTDLL(?,?,5BC7A5B0,?,?,?,?,?,?,?,?), ref: 002E957B
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateFile
                          • String ID:
                          • API String ID: 823142352-0
                          • Opcode ID: 8ba261b2d37e6a8c686c9a337af97115225191aaef6764030400665b8a8f1ef3
                          • Instruction ID: 6aef2f2fbf2a79c9119dccbcd73264d235594e33d7ffb3ca5290785bf340228e
                          • Opcode Fuzzy Hash: 8ba261b2d37e6a8c686c9a337af97115225191aaef6764030400665b8a8f1ef3
                          • Instruction Fuzzy Hash: 3A31DBB1A11248ABCB54DF99D881EEEB7F9EF88304F108209F908A7340D730A951CFA5

                          Control-flow Graph

                          APIs
                          • NtReadFile.NTDLL(?,?,5BC7A5B0,?,?,?,?,?,?), ref: 002E96D6
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: FileRead
                          • String ID:
                          • API String ID: 2738559852-0
                          • Opcode ID: 8854d8be901c82b9d220803e696c0cf83c1867f68dd6e83b9ca46992c6265491
                          • Instruction ID: d4a37551a84b9d5fbfd5c6caed1133f93935d6175d3c46dc55b902a1ecf8e760
                          • Opcode Fuzzy Hash: 8854d8be901c82b9d220803e696c0cf83c1867f68dd6e83b9ca46992c6265491
                          • Instruction Fuzzy Hash: FD31E3B5A10248AFCB14DF99D881EEFB7F9EF89704F108209F958A7341D630A911CFA5
                          APIs
                          • NtAllocateVirtualMemory.NTDLL(002D21AE,?,5BC7A5B0,00000000,00000004,00003000,?,?,?,?,?,002E82FF,002D21AE), ref: 002E99A8
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID:
                          • API String ID: 2167126740-0
                          • Opcode ID: 5b92f69d731c09572eaa479caca9063e28d84d04115c7dc8f8bf517fd5e8e384
                          • Instruction ID: c92e52840a1fd63f4651c4f423df4fe2bde9783ede79992a3868bee7cf3828ad
                          • Opcode Fuzzy Hash: 5b92f69d731c09572eaa479caca9063e28d84d04115c7dc8f8bf517fd5e8e384
                          • Instruction Fuzzy Hash: D32139B1A10249ABDB10DF99CC41EEFB7B9EF89300F104109F948AB341D774A920CFA1
                          APIs
                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 002E97B1
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: Close
                          • String ID:
                          • API String ID: 3535843008-0
                          • Opcode ID: 2f59229fe5a35477addfa38c4a351323b046b53500d51ab444dffaebc889c80f
                          • Instruction ID: fe0c9c9a03116ef2ebed5f9493c6041ed53d5550aff8e753213ee1967d047a2b
                          • Opcode Fuzzy Hash: 2f59229fe5a35477addfa38c4a351323b046b53500d51ab444dffaebc889c80f
                          • Instruction Fuzzy Hash: F0E08C36211604BBD220FA5ADC02F9BB76CEFC6711F418119FA48A7242C671B9248BF1
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 35288223995c9f4aac4194e9062b5cc20542a36af81de596e6f2dfa7cb15e2da
                          • Instruction ID: 49b074a46f0cef3ffa3784b65187bf6ae7af278a6415af7d50736165b4691400
                          • Opcode Fuzzy Hash: 35288223995c9f4aac4194e9062b5cc20542a36af81de596e6f2dfa7cb15e2da
                          • Instruction Fuzzy Hash: 45900231645800129980B1584885547400597E1301B55D012E0428555C8A548A569365
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: bb47bf280a017728abff5ba0c2ea36df6a1f14cb9bcea5db3ed13143ce74f7b3
                          • Instruction ID: 51e644f1048b4d73e90fb18964b1777794131eb8517c442abeae45a3e6b45bf0
                          • Opcode Fuzzy Hash: bb47bf280a017728abff5ba0c2ea36df6a1f14cb9bcea5db3ed13143ce74f7b3
                          • Instruction Fuzzy Hash: D9900271641500424980B1584805407600597E2301395D116A0558561C86588955D26D
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: e7dac116a7bab81c0c33488b80fed3f08fff4f2653f87af9f5b43e4ff331aae9
                          • Instruction ID: 4339bda32fa7af3197c1e0858ed5c5d1e15be399d89a54104dc8a8e1c603e85c
                          • Opcode Fuzzy Hash: e7dac116a7bab81c0c33488b80fed3f08fff4f2653f87af9f5b43e4ff331aae9
                          • Instruction Fuzzy Hash: 8E900435351400030D45F55C07055070047C7D7351355D033F101D551CD771CD71D135
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 3e35913a0afad0219dd780f3c0348f2da4e9788ef3f9c576ab2e1b0ef1a0e413
                          • Instruction ID: cff4d7ba83cbb9db7fbd9f1d180a8f9c28ab1eb4229d323527d29db3725319a7
                          • Opcode Fuzzy Hash: 3e35913a0afad0219dd780f3c0348f2da4e9788ef3f9c576ab2e1b0ef1a0e413
                          • Instruction Fuzzy Hash: 6E90023124544842D980B1584405A47001587D1305F55D012A0068695D96658E55F665
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 256f0781a692dbd215a54969ff39dc3bc3f7580bd9dd7bda1e02c4e7bbcbf4ef
                          • Instruction ID: f5e30d16065ae383384df37835be0514c812590da6d5cd718dc2094115250da9
                          • Opcode Fuzzy Hash: 256f0781a692dbd215a54969ff39dc3bc3f7580bd9dd7bda1e02c4e7bbcbf4ef
                          • Instruction Fuzzy Hash: 0F90023124140802D9C0B158440564B000587D2301F95D016A0029655DCA558B59B7A5
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 55f19695320d67834e8e4fc75708bcdce8d7b88816a3f538062a6a7db306ac4d
                          • Instruction ID: d8d74660482c5988f6fbb748cb37eb7f8471cd596b371a0be13002dce00aa6c6
                          • Opcode Fuzzy Hash: 55f19695320d67834e8e4fc75708bcdce8d7b88816a3f538062a6a7db306ac4d
                          • Instruction Fuzzy Hash: A1900271242400034945B1584415617400A87E1201B55D022E1018591DC5658991A129
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: ab14a1084ca6876392f203ad24b80e2fd506e48ed0749c8eba8ca079e1d4f872
                          • Instruction ID: 3dcaa5f8c214b2b7f33be3d3e2f2e578184e1c29602bac6132ac361525ffd8d0
                          • Opcode Fuzzy Hash: ab14a1084ca6876392f203ad24b80e2fd506e48ed0749c8eba8ca079e1d4f872
                          • Instruction Fuzzy Hash: D690027124180403D980B5584805607000587D1302F55D012A2068556E8A698D51A139
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: c6c80b1c654d9a91dc59eaac1fbd44639110391c2713464ff11e11571845373f
                          • Instruction ID: 486bb9b66625a82dad9941a93909d719f29c9d311f9a7cf9c603b7295b5e99b0
                          • Opcode Fuzzy Hash: c6c80b1c654d9a91dc59eaac1fbd44639110391c2713464ff11e11571845373f
                          • Instruction Fuzzy Hash: 4F90023164140502D941B1584405617000A87D1241F95D023A1028556ECA658A92E135
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 6812511ecc649087bde94c69598fb74902eea2cc53ab2376f5b43712fb3ed2e9
                          • Instruction ID: a51a3544c8c487e61a4175438d6637be13ef601d585f83b6f161344968a741ec
                          • Opcode Fuzzy Hash: 6812511ecc649087bde94c69598fb74902eea2cc53ab2376f5b43712fb3ed2e9
                          • Instruction Fuzzy Hash: EB900231251C0042DA40B5684C15B07000587D1303F55D116A0158555CC95589619525
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: af65843bf7d5811f55b36831459121cbae92a4c95626615b2629a0d83f0a702f
                          • Instruction ID: 8b04b1accfc4f87bcfc5d3606867edc4ca47fb600cf360c4bfccae57cea1ae7f
                          • Opcode Fuzzy Hash: af65843bf7d5811f55b36831459121cbae92a4c95626615b2629a0d83f0a702f
                          • Instruction Fuzzy Hash: D8900231641400424980B16888459074005ABE2211755D122A099C551D859989659669
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 5cc1147f93e9115da9c9f6e8589f1818a1b6b833b2794fba058984105fc42bd3
                          • Instruction ID: cf5052b89afac04b73b11aa7fade901194ac6f283a3e7fcd45980f2aa176f1a7
                          • Opcode Fuzzy Hash: 5cc1147f93e9115da9c9f6e8589f1818a1b6b833b2794fba058984105fc42bd3
                          • Instruction Fuzzy Hash: D790027138140442D940B1584415B070005C7E2301F55D016E1068555D8659CD52A12A
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 07b6c82f21c750f66247f0a97a87ec4ebe463bc18942233753308b80f1236414
                          • Instruction ID: 430f5e1288d62e5b59e84d5a60fb777937b87f01ae0d1ef75c73561651296f91
                          • Opcode Fuzzy Hash: 07b6c82f21c750f66247f0a97a87ec4ebe463bc18942233753308b80f1236414
                          • Instruction Fuzzy Hash: B790023124140402D940B5985409647000587E1301F55E012A5028556EC6A58991A135
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 06197b131bdee78d71ca85cc9b7b9ef0806b25d1a45c72a27ff9d12bda364dbb
                          • Instruction ID: 0f7068bf23a3d1a97337968a3837a46a8dcec5bf2be7a27b82e6681010d7bddf
                          • Opcode Fuzzy Hash: 06197b131bdee78d71ca85cc9b7b9ef0806b25d1a45c72a27ff9d12bda364dbb
                          • Instruction Fuzzy Hash: A290023124140842D940B1584405B47000587E1301F55D017A0128655D8655C951B525
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 3504cd1c2178b4ab6c55ae0e8236efe721807f1cb995eecd38583b9af5217f35
                          • Instruction ID: 176039c86e412ad76d57a9339c822e7f5a9a76e8ce9f3cf4397678d9b77df9ea
                          • Opcode Fuzzy Hash: 3504cd1c2178b4ab6c55ae0e8236efe721807f1cb995eecd38583b9af5217f35
                          • Instruction Fuzzy Hash: 7690023124148802D950B158840574B000587D1301F59D412A4428659D86D58991B125
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: c61c6f773ad36da4b8cff5d2c2038550ce6bab7d35b40560c5e955f3ab909115
                          • Instruction ID: 29d040dba23322bb0038a31641dcd94e1a642b4f59c2ed5bc15a57ec1ed7f2f6
                          • Opcode Fuzzy Hash: c61c6f773ad36da4b8cff5d2c2038550ce6bab7d35b40560c5e955f3ab909115
                          • Instruction Fuzzy Hash: 9B90023124140413D951B1584505707000987D1241F95D413A0428559D96968A52E125
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 8aa5de9d17ef25f509145519e1dcdbd9973d4b7ef4b07cae1cab4d3e1ec1c7a5
                          • Instruction ID: a8b17d102d6663ca5d2b028e4ea75b288ccf8fd673589e80d10a7ec1d6361afa
                          • Opcode Fuzzy Hash: 8aa5de9d17ef25f509145519e1dcdbd9973d4b7ef4b07cae1cab4d3e1ec1c7a5
                          • Instruction Fuzzy Hash: 50900231282441525D85F1584405507400697E1241795D013A1418951C85669956D625
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 0130b0f3ecf243dd232f49498001b7f69ff82e0b539229454891e6b79950a7cd
                          • Instruction ID: 60ab7b198842f4d3e638a9a8a6758db28abb81d44690c0796fdc2da61d6af66b
                          • Opcode Fuzzy Hash: 0130b0f3ecf243dd232f49498001b7f69ff82e0b539229454891e6b79950a7cd
                          • Instruction Fuzzy Hash: 7D90023134140003D980B15854196074005D7E2301F55E012E0418555CD95589569226
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 4f4876022f271fb80650957086a512b35977d215eb44f2e9377106517ed04302
                          • Instruction ID: 7d0ab85acaaca63ac03c140c800e082c16324146d6d03a3747df0a66230b549e
                          • Opcode Fuzzy Hash: 4f4876022f271fb80650957086a512b35977d215eb44f2e9377106517ed04302
                          • Instruction Fuzzy Hash: ED90023925340002D9C0B158540960B000587D2202F95E416A0019559CC95589699325
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: c325afb17a0d1fda6417cb4a6148d5055012be3967fc18454be52ff7a5bbff01
                          • Instruction ID: 832f40db4b9bcd9d09a63d613430b2463b2eed6db1fd25cf59473ebfdc4836d7
                          • Opcode Fuzzy Hash: c325afb17a0d1fda6417cb4a6148d5055012be3967fc18454be52ff7a5bbff01
                          • Instruction Fuzzy Hash: 0390023164550402D940B1584515707100587D1201F65D412A0428569D87D58A51A5A6
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 1d9b81c5dcdfa9bdcfd78861390f587a40cfa9519ffef4b34fe5980417642062
                          • Instruction ID: 56ab82fd8cf6bf3cd7d67352ff4a94ae13addca2837a78a66ecf24602c7a3bda
                          • Opcode Fuzzy Hash: 1d9b81c5dcdfa9bdcfd78861390f587a40cfa9519ffef4b34fe5980417642062
                          • Instruction Fuzzy Hash: 9590023128545102D990B15C44056174005A7E1201F55D022A0818595D85958955A225

                          Control-flow Graph

                          control_flow_graph 97 2d114d-2d1158 98 2d11d8-2d1247 call 2eb890 call 2ec2a0 call 2d4990 call 2c13e0 call 2e2000 97->98 99 2d115a-2d1166 97->99 113 2d1249-2d1258 PostThreadMessageW 98->113 114 2d1267-2d126d 98->114 100 2d1168 99->100 101 2d11c3-2d11d4 99->101 100->101 113->114 115 2d125a-2d1264 113->115 115->114
                          APIs
                          • PostThreadMessageW.USER32(UQ63g7r-,00000111,00000000,00000000), ref: 002D1254
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID: UQ63g7r-$UQ63g7r-
                          • API String ID: 1836367815-2341035416
                          • Opcode ID: e1c25d61a32346dc8d004d841f9ed90adaa04ebb10f9600b25de5f3ab2dbb7f9
                          • Instruction ID: 775ac410587f018c2978441c888080d7c4306c7328c2663e5328999f452d236e
                          • Opcode Fuzzy Hash: e1c25d61a32346dc8d004d841f9ed90adaa04ebb10f9600b25de5f3ab2dbb7f9
                          • Instruction Fuzzy Hash: 22212972A1424C7EEB01EE959C83DEFBB7CEF41394F00416AF904A7241D6259D258BE1

                          Control-flow Graph

                          control_flow_graph 116 2d11d6-2d1247 call 2eb890 call 2ec2a0 call 2d4990 call 2c13e0 call 2e2000 128 2d1249-2d1258 PostThreadMessageW 116->128 129 2d1267-2d126d 116->129 128->129 130 2d125a-2d1264 128->130 130->129
                          APIs
                          • PostThreadMessageW.USER32(UQ63g7r-,00000111,00000000,00000000), ref: 002D1254
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID: UQ63g7r-$UQ63g7r-
                          • API String ID: 1836367815-2341035416
                          • Opcode ID: 628f241b7f1b559bfb0e8fdbb7383d1f4dc0679f126a59f5884e36911a76a547
                          • Instruction ID: 637fb74205b93a84d817f2d2fb2f899399ff5f86472a11225fd691ecdb3e6d61
                          • Opcode Fuzzy Hash: 628f241b7f1b559bfb0e8fdbb7383d1f4dc0679f126a59f5884e36911a76a547
                          • Instruction Fuzzy Hash: 2D11E1B294028D7AEB10ABE18CC2DEFBB3CDF41794F008159FA04B7241D6345E168BA1

                          Control-flow Graph

                          control_flow_graph 131 2d11e0-2d1247 call 2eb890 call 2ec2a0 call 2d4990 call 2c13e0 call 2e2000 142 2d1249-2d1258 PostThreadMessageW 131->142 143 2d1267-2d126d 131->143 142->143 144 2d125a-2d1264 142->144 144->143
                          APIs
                          • PostThreadMessageW.USER32(UQ63g7r-,00000111,00000000,00000000), ref: 002D1254
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID: UQ63g7r-$UQ63g7r-
                          • API String ID: 1836367815-2341035416
                          • Opcode ID: f03869fda7b0d1a7782fc448fc1cae66ffdd3959067e50402559fb878f61b7a5
                          • Instruction ID: 0eaabb9a0a6b8640ea9f4578f4140e04cef7b98d5a309d6212906e3b3f8715c5
                          • Opcode Fuzzy Hash: f03869fda7b0d1a7782fc448fc1cae66ffdd3959067e50402559fb878f61b7a5
                          • Instruction Fuzzy Hash: 0701C0B2D5029D7AEB10ABE18C82DEF7B7C9F41794F008069FA14B7241D6385E168BA1

                          Control-flow Graph

                          control_flow_graph 145 2e3e10-2e3e58 call 2eb760 148 2e3e5e-2e3ecd call 2eb840 call 2d4990 call 2c13e0 call 2e2000 145->148 149 2e3f56-2e3f5c 145->149 158 2e3ed2-2e3ee6 Sleep 148->158 159 2e3ee8-2e3efa 158->159 160 2e3f47-2e3f4e 158->160 161 2e3f1c-2e3f35 call 2e6320 159->161 162 2e3efc-2e3f1a call 2e6280 159->162 160->158 163 2e3f50 160->163 167 2e3f3a-2e3f3d 161->167 162->167 163->149 167->160
                          APIs
                          • Sleep.KERNELBASE(000007D0), ref: 002E3EDD
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: Sleep
                          • String ID: net.dll$wininet.dll
                          • API String ID: 3472027048-1269752229
                          • Opcode ID: c03434077a262bb91a166c5ced5b1df84fe2de735978dd3df07cd974cc944c52
                          • Instruction ID: 6950617a3091330f33588b8dc79b5ca3a19b88020cc60bf005d2ff2ea4760aec
                          • Opcode Fuzzy Hash: c03434077a262bb91a166c5ced5b1df84fe2de735978dd3df07cd974cc944c52
                          • Instruction Fuzzy Hash: D4318DB1A41646BBD714DFA5CC85FEBBBB9EF88700F404119F61D5B241C774AA108FA0

                          Control-flow Graph

                          control_flow_graph 191 2e9ad0-2e9b0e call 2c1470 call 2ea980 RtlFreeHeap
                          APIs
                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFFFF,00000007,00000000,00000004,00000000,?,000000F4), ref: 002E9B09
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeHeap
                          • String ID: 6-
                          • API String ID: 3298025750-686971292
                          • Opcode ID: b80920223b0d3d6ec0276f1483e88535983c36a14dc249cb946427c0f6602cca
                          • Instruction ID: 04a57044b52972ea46f9882605bb7688415923f69680468ca4ccd24465b776fe
                          • Opcode Fuzzy Hash: b80920223b0d3d6ec0276f1483e88535983c36a14dc249cb946427c0f6602cca
                          • Instruction Fuzzy Hash: 5DE0E572240204BBD624EE59DC42FAB77ADEF8AB14F004419F949A7242D671B9248AB5

                          Control-flow Graph

                          control_flow_graph 497 2d4a0b-2d4a0c 498 2d4a0e-2d4a20 497->498 499 2d4a82-2d4a94 497->499 504 2d4a5b-2d4a65 498->504 500 2d4a95-2d4a9b 499->500 502 2d4a9d 500->502 503 2d4a9f-2d4aa1 502->503 502->504 503->500 505 2d4aa3-2d4aaf 503->505 504->499 506 2d4a67-2d4a68 504->506 511 2d4aed-2d4aee 505->511 512 2d4ab1 505->512 507 2d4a6a 506->507 508 2d49f7-2d4a04 LdrLoadDll 506->508 507->502 510 2d4a07-2d4a0a 508->510 513 2d4ab4-2d4ac5 512->513 514 2d4ac6-2d4adb 512->514 513->514 515 2d4add 514->515 516 2d4b44-2d4b58 call 2e87e0 514->516 518 2d4adf-2d4aeb 515->518 519 2d4b5b-2d4b6c 515->519 516->519 518->511
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 59613f67ab0b44fc569472441be565e37fa422d4333c6dd1dd2efb647779117c
                          • Instruction ID: 766506e0dc6f57d6d2d75ac6c0be802668cc5afa09e3fa808994926d1fe0e3ee
                          • Opcode Fuzzy Hash: 59613f67ab0b44fc569472441be565e37fa422d4333c6dd1dd2efb647779117c
                          • Instruction Fuzzy Hash: EE21AC777502061BC311DE28D881BF9B728EB51325F14029AF914CB381EA315E3687E0

                          Control-flow Graph

                          control_flow_graph 536 2d4a25-2d4a50 538 2d4a9d 536->538 539 2d4a52-2d4a55 536->539 542 2d4a9f-2d4aa1 538->542 543 2d4a5b-2d4a65 538->543 540 2d4a57 539->540 541 2d4a12-2d4a20 539->541 544 2d4a59-2d4a65 540->544 545 2d49e5-2d49ee 540->545 541->536 546 2d4a95-2d4a9b 542->546 547 2d4aa3-2d4aaf 542->547 548 2d4a67-2d4a68 543->548 549 2d4a82-2d4a94 543->549 544->548 544->549 553 2d4a07-2d4a0a 545->553 554 2d49f0-2d49f6 545->554 546->538 555 2d4aed-2d4aee 547->555 556 2d4ab1 547->556 550 2d4a6a 548->550 551 2d49f7-2d4a04 LdrLoadDll 548->551 549->546 550->538 551->553 554->551 557 2d4ab4-2d4ac5 556->557 558 2d4ac6-2d4adb 556->558 557->558 559 2d4add 558->559 560 2d4b44-2d4b58 call 2e87e0 558->560 562 2d4adf-2d4aeb 559->562 563 2d4b5b-2d4b6c 559->563 560->563 562->555
                          APIs
                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 002D4A02
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: Load
                          • String ID:
                          • API String ID: 2234796835-0
                          • Opcode ID: 13101d87153f534a621201f1e41ee956f4d3d49a6db7afff3e75b9ff053a77b7
                          • Instruction ID: abb420f416bbeae4b1dee2bee3bf5c373a2677fe8812f045622f8269d2bcdfbe
                          • Opcode Fuzzy Hash: 13101d87153f534a621201f1e41ee956f4d3d49a6db7afff3e75b9ff053a77b7
                          • Instruction Fuzzy Hash: FD21D2377601478FCB11EE24C851AFAFF64EB96718B6442DBD464CB342D232DD268794
                          APIs
                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 002D4A02
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: Load
                          • String ID:
                          • API String ID: 2234796835-0
                          • Opcode ID: b799f33cdfcceec68cf2461573a55d2e37cccfb65537d172954ac166eadf2d1b
                          • Instruction ID: eb684f8ca3c2a8b3659d1558592b90ac18bcf64e4af683c44e330b57433cdd62
                          • Opcode Fuzzy Hash: b799f33cdfcceec68cf2461573a55d2e37cccfb65537d172954ac166eadf2d1b
                          • Instruction Fuzzy Hash: 05015EB5D5020EBBDF10EAE1DC42FDEB7B89B14308F1041A5E91897241F630EB24CB91
                          APIs
                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 002C9F62
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateThread
                          • String ID:
                          • API String ID: 2422867632-0
                          • Opcode ID: c463900b9fbcea7865d729dbd8ce692ca1e0d4df9bad2f7c5cf101c691f30119
                          • Instruction ID: b551ba038025dcbf11a0414dce493fb32d8b4bb7c5e2d58788280b8dbe0a3a94
                          • Opcode Fuzzy Hash: c463900b9fbcea7865d729dbd8ce692ca1e0d4df9bad2f7c5cf101c691f30119
                          • Instruction Fuzzy Hash: D0F06D3339034436E22065EA9C03FDBB79C8F85B65F64002AF60DEB5C1D896F8118AA4
                          APIs
                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 002C9F62
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateThread
                          • String ID:
                          • API String ID: 2422867632-0
                          • Opcode ID: 5b05dc4f9ac00e1fb97425b4699cabbd5fdff5ea68f0ab42ae6c2005985b54c1
                          • Instruction ID: 80781d55b543b678ef7fa61cd426f267c7474188d24d06c1e2a3af2ea2699646
                          • Opcode Fuzzy Hash: 5b05dc4f9ac00e1fb97425b4699cabbd5fdff5ea68f0ab42ae6c2005985b54c1
                          • Instruction Fuzzy Hash: C4F0E5322803403AE33066A98C03FDBA79C8F95B60F24021DF609AB5C1C592B4158BA4
                          APIs
                          • RtlAllocateHeap.NTDLL(002D1E59,?,002E5F17,002D1E59,?,002E5F17,?,002D1E59,002E59BF,00001000,?,00000000), ref: 002E9AC9
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: ac00b1638777126d2cea74cea7df9c0d5320b23dccd002bc6f264aef07eeb62c
                          • Instruction ID: 7fe2a577ddbaa35eb4ad3dcfaeb17d040801814460474afea98089ca60c4cf0c
                          • Opcode Fuzzy Hash: ac00b1638777126d2cea74cea7df9c0d5320b23dccd002bc6f264aef07eeb62c
                          • Instruction Fuzzy Hash: DEE01A762542187BD614EF59DC42F9B77ACEFC9710F004419FA48A7242D671B9208BF9
                          APIs
                          • SetErrorMode.KERNELBASE(00008003,?,?,002D2150,002E82FF,?,002D211B), ref: 002D8591
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorMode
                          • String ID:
                          • API String ID: 2340568224-0
                          • Opcode ID: 8078e4b5b8cf14619579fb5ecae74e25a8c9f02cfd6a8169a37789255bfbf125
                          • Instruction ID: 6179c1f81e41b5afb9976582ed979a0214d7ea551d28155b37ed5783568ebf85
                          • Opcode Fuzzy Hash: 8078e4b5b8cf14619579fb5ecae74e25a8c9f02cfd6a8169a37789255bfbf125
                          • Instruction Fuzzy Hash: F7D05E723903057BFA00A6E5DC43F56328D4F04B55F4601A4BA0CEB2C2D965F6208965
                          APIs
                          • SetErrorMode.KERNELBASE(00008003,?,?,002D2150,002E82FF,?,002D211B), ref: 002D8591
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3129333283.00000000002C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 002C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2c0000_tzutil.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorMode
                          • String ID:
                          • API String ID: 2340568224-0
                          • Opcode ID: 5193b698df80697d7c25e3d78140eb0ced322a2af1f6f7416de4098c3f257b0d
                          • Instruction ID: 9f20e874073cf74901ef774bc23133fd0473ad188391102156748cf7662055d3
                          • Opcode Fuzzy Hash: 5193b698df80697d7c25e3d78140eb0ced322a2af1f6f7416de4098c3f257b0d
                          • Instruction Fuzzy Hash: BED0971280834919EB619EF06C016922B442F18200B8E889DE48880A83F901CA209600
                          APIs
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                          • API String ID: 48624451-2108815105
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                          • API String ID: 48624451-2108815105
                          Strings
                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02EB46FC
                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02EB4725
                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02EB4655
                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 02EB4787
                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02EB4742
                          • ExecuteOptions, xrefs: 02EB46A0
                          • Execute=1, xrefs: 02EB4713
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID:
                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                          • API String ID: 0-484625025
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: __aulldvrm
                          • String ID: +$-$0$0
                          • API String ID: 1302938615-699404926
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: %%%u$[$]:%u
                          • API String ID: 48624451-2819853543
                          Strings
                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02EB02E7
                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02EB02BD
                          • RTL: Re-Waiting, xrefs: 02EB031E
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID:
                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                          • API String ID: 0-2474120054
                          Strings
                          • RTL: Resource at %p, xrefs: 02EB7B8E
                          • RTL: Re-Waiting, xrefs: 02EB7BAC
                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02EB7B7F
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID:
                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                          • API String ID: 0-871070163
                          APIs
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02EB728C
                          Strings
                          • RTL: Resource at %p, xrefs: 02EB72A3
                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02EB7294
                          • RTL: Re-Waiting, xrefs: 02EB72C1
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                          • API String ID: 885266447-605551621
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: %%%u$]:%u
                          • API String ID: 48624451-3050659472
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: __aulldvrm
                          • String ID: +$-
                          • API String ID: 1302938615-2137968064
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID:
                          • String ID: $$@
                          • API String ID: 0-1194432280
                          APIs
                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 02ECCFBD
                          Strings
                          Memory Dump Source
                          • Source File: 0000000F.00000002.3131107778.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: true
                          • Associated: 0000000F.00000002.3131107778.0000000002F39000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002F3D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 0000000F.00000002.3131107778.0000000002FAE000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_15_2_2e10000_tzutil.jbxd
                          Similarity
                          • API ID: CallFilterFunc@8
                          • String ID: @$@4rw@4rw
                          • API String ID: 4062629308-2979693914