Windows Analysis Report
NIENrB5r6b.exe

Overview

General Information

Sample name: NIENrB5r6b.exe (renamed because original name is a hash value)
Original sample name: e42694fef0ce2a2df003a2babe0cc567e7ba27771a1558aa20a6f4e54053024d.exe
Analysis ID: 1570403
MD5: a3803c97b3e291029df13c32f4651f14
SHA1: d3e957d79770abb14f7dd94b46d749f69879b32b
SHA256: e42694fef0ce2a2df003a2babe0cc567e7ba27771a1558aa20a6f4e54053024d
Tags: exe, user-Chainskilabs

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected XWorm
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • NIENrB5r6b.exe (PID: 4432 cmdline: "C:\Users\user\Desktop\NIENrB5r6b.exe" MD5: A3803C97B3E291029DF13C32F4651F14)
    • RegAsm.exe (PID: 3192 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • RegAsm.exe (PID: 4796 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • schtasks.exe (PID: 6584 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RegAsm" /tr "C:\Users\user\AppData\Local\RegAsm.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WerFault.exe (PID: 6780 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 1788 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • RegAsm.exe (PID: 3032 cmdline: C:\Users\user\AppData\Local\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • conhost.exe (PID: 4404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • RegAsm.exe (PID: 6768 cmdline: C:\Users\user\AppData\Local\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • conhost.exe (PID: 6496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • RegAsm.exe (PID: 5876 cmdline: C:\Users\user\AppData\Local\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • conhost.exe (PID: 2884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • RegAsm.exe (PID: 2676 cmdline: C:\Users\user\AppData\Local\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • conhost.exe (PID: 1084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • RegAsm.exe (PID: 6532 cmdline: C:\Users\user\AppData\Local\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • conhost.exe (PID: 6284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"C2 url": ["82.115.223.20"], "Port": 13001, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V3.1"}
Source | Rule | Description | Author | Strings
00000003.00000002.4488360019.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
    00000003.00000002.4488360019.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
    • 0x6530:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x65cd:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x66e2:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x636a:$cnc4: POST / HTTP/1.1
    00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
      00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
      • 0x1c7840:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x1cf484:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x1d70e0:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x1e0b60:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x1c78dd:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x1cf521:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x1d717d:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x1e0bfd:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x1c79f2:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x1cf636:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x1d7292:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x1e0d12:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x1c767a:$cnc4: POST / HTTP/1.1
      • 0x1cf2be:$cnc4: POST / HTTP/1.1
      • 0x1d6f1a:$cnc4: POST / HTTP/1.1
      • 0x1e099a:$cnc4: POST / HTTP/1.1
      Process Memory Space: NIENrB5r6b.exe PID: 4432 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
        Source | Rule | Description | Author | Strings
        3.2.RegAsm.exe.400000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
          3.2.RegAsm.exe.400000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
          • 0x6730:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
          • 0x67cd:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
          • 0x68e2:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
          • 0x656a:$cnc4: POST / HTTP/1.1
          0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
            0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
            • 0x11ebac:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
            • 0x1267f0:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
            • 0x12e44c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
            • 0x137ecc:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
            • 0x11ec49:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
            • 0x12688d:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
            • 0x12e4e9:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
            • 0x137f69:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
            • 0x11ed5e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
            • 0x1269a2:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
            • 0x12e5fe:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
            • 0x13807e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
            • 0x11e9e6:$cnc4: POST / HTTP/1.1
            • 0x12662a:$cnc4: POST / HTTP/1.1
            • 0x12e286:$cnc4: POST / HTTP/1.1
            • 0x137d06:$cnc4: POST / HTTP/1.1
            0.2.NIENrB5r6b.exe.30aaad8.2.raw.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

              System Summary

              Source: Process started, Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems): Data: Command: C:\Users\user\AppData\Local\RegAsm.exe, CommandLine: C:\Users\user\AppData\Local\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\RegAsm.exe, NewProcessName: C:\Users\user\AppData\Local\RegAsm.exe, OriginalFileName: C:\Users\user\AppData\Local\RegAsm.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\user\AppData\Local\RegAsm.exe, ProcessId: 3032, ProcessName: RegAsm.exe
              Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RegAsm" /tr "C:\Users\user\AppData\Local\RegAsm.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RegAsm" /tr "C:\Users\user\AppData\Local\RegAsm.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentProcessId: 4796, ParentProcessName: RegAsm.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RegAsm" /tr "C:\Users\user\AppData\Local\RegAsm.exe", ProcessId: 6584, ProcessName: schtasks.exe
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-06T22:55:32.897577+0100 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49842 | 82.115.223.20 | 13001 | TCP

              AV Detection

              Source: NIENrB5r6b.exe, Avira: detected
              Source: 00000003.00000002.4489768167.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Xworm {"C2 url": ["82.115.223.20"], "Port": 13001, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V3.1"}
              Source: NIENrB5r6b.exe, ReversingLabs: Detection: 63%
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
              Source: NIENrB5r6b.exe, Joe Sandbox ML: detected
              Source: 3.2.RegAsm.exe.400000.0.unpack, String decryptor: 82.115.223.20
              Source: 3.2.RegAsm.exe.400000.0.unpack, String decryptor: 13001
              Source: 3.2.RegAsm.exe.400000.0.unpack, String decryptor: <123456789>
              Source: 3.2.RegAsm.exe.400000.0.unpack, String decryptor: <Xwormmm>
              Source: 3.2.RegAsm.exe.400000.0.unpack, String decryptor: USB.exe
              Source: NIENrB5r6b.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: NIENrB5r6b.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Networking

              Source: Network traffic, Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.5:49704 -> 82.115.223.20:13001
              Source: Network traffic, Suricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.5:49842 -> 82.115.223.20:13001
              Source: Malware configuration extractor, URLs: 82.115.223.20
              Source: global traffic, TCP traffic: 192.168.2.5:49704 -> 82.115.223.20:13001
              Source: Joe Sandbox View, ASN Name: MIDNET-ASTK-TelecomRU MIDNET-ASTK-TelecomRU
              Source: unknown, TCP traffic detected without corresponding DNS query: 82.115.223.20
              Source: RegAsm.exe, 00000003.00000002.4489768167.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

              System Summary

              Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects AsyncRAT, Author: ditekSHen
              Source: 0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects AsyncRAT, Author: ditekSHen
              Source: 0.2.NIENrB5r6b.exe.30aaad8.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects AsyncRAT, Author: ditekSHen
              Source: 0.2.NIENrB5r6b.exe.30b5934.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects AsyncRAT, Author: ditekSHen
              Source: 00000003.00000002.4488360019.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects AsyncRAT, Author: ditekSHen
              Source: 00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects AsyncRAT, Author: ditekSHen
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Process Stats: CPU usage > 49%
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 1788
              Source: NIENrB5r6b.exe, 00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameiqtjsg4r2h3.dll4 vs NIENrB5r6b.exe
              Source: NIENrB5r6b.exe, 00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedccw.exe4 vs NIENrB5r6b.exe
              Source: NIENrB5r6b.exe, 00000000.00000000.2010186759.0000000000C42000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamephpC7F9.tmp5494 vs NIENrB5r6b.exe
              Source: NIENrB5r6b.exe, 00000000.00000002.2029847689.000000000127E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs NIENrB5r6b.exe
              Source: NIENrB5r6b.exe, 00000000.00000002.2039447268.000000000AE90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameiqtjsg4r2h3.dll4 vs NIENrB5r6b.exe
              Source: NIENrB5r6b.exe, 00000000.00000002.2037141972.00000000055B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamephpC7F9.tmp5494 vs NIENrB5r6b.exe
              Source: NIENrB5r6b.exeBinary or memory string: OriginalFilenamephpC7F9.tmp5494 vs NIENrB5r6b.exe
              Source: NIENrB5r6b.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 0.2.NIENrB5r6b.exe.30aaad8.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 0.2.NIENrB5r6b.exe.30b5934.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000003.00000002.4488360019.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: NIENrB5r6b.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: classification engineClassification label: mal100.troj.evad.winEXE@19/11@0/1
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NIENrB5r6b.exe.logJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1084:120:WilError_03
              Source: C:\Users\user\AppData\Local\RegAsm.exeMutant created: NULL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\ViORF1rAjmREhSw8
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4404:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5800:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2884:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6496:120:WilError_03
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4796
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6284:120:WilError_03
              Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\feee2f64-f088-4462-97a3-73dc805d1df1Jump to behavior
              Source: NIENrB5r6b.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: NIENrB5r6b.exeReversingLabs: Detection: 63%
              Source: unknownProcess created: C:\Users\user\Desktop\NIENrB5r6b.exe "C:\Users\user\Desktop\NIENrB5r6b.exe"
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RegAsm" /tr "C:\Users\user\AppData\Local\RegAsm.exe"
              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Users\user\AppData\Local\RegAsm.exe C:\Users\user\AppData\Local\RegAsm.exe
              Source: C:\Users\user\AppData\Local\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: avicap32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msvfw32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: sfc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: NIENrB5r6b.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: NIENrB5r6b.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Data Obfuscation

              Source: 0.2.NIENrB5r6b.exe.55b0000.6.raw.unpack, -----------------------------------------.cs, .Net Code: _206E_206D_206D_202A_202B_202C_206E_200D_206D_202B_206F_206F_202B_200D_200B_200B_206C_202B_202D_200E_206A_202B_206C_202C_200D_206E_206C_202A_202D_202B_202B_206A_206D_202A_200E_200E_200C_202E_202C_206D_202E System.AppDomain.Load(byte[])
              Source: 0.2.NIENrB5r6b.exe.55b0000.6.raw.unpack, -Module-.cs, .Net Code: _202B_206A_200E_200F_200C_202A_206D_202C_206F_202B_200B_200E_202D_206B_202E_202E_206F_202A_202C_206D_200C_206D_202E_200D_200D_206D_202B_200D_200E_206E_200C_206C_202B_202C_200B_202D_202E_206B_206F_200F_202E System.Reflection.Assembly.Load(byte[])
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Code function: 0_2_02F982CD push esi; retf 0_2_02F982CE
              Source: NIENrB5r6b.exe, Static PE information: section name: .text entropy: 7.302175192090406
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, File created: C:\Users\user\AppData\Local\RegAsm.exe

              Boot Survival

              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RegAsm" /tr "C:\Users\user\AppData\Local\RegAsm.exe"
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: Yara match, File source: Process Memory Space: NIENrB5r6b.exe PID: 4432, type: MEMORYSTR
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 1600000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 2FE0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 5610000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 6610000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 6740000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 7740000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 7A90000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 8A90000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: 9A90000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: ABD0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: BD10000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: C1A0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: D1A0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Memory allocated: FE0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Memory allocated: 28F0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Memory allocated: 48F0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 12C0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 3180000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 1470000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: E00000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 29A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 49A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: C20000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 2810000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 4810000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 2900000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 2BA0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 13B0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 2FC0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Memory allocated: 2CD0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\RegAsm.exe, Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Window / User API: threadDelayed 3016
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Window / User API: threadDelayed 6820
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe TID: 572, Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6536, Thread sleep count: 32 > 30
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6536, Thread sleep time: -29514790517935264s >= -30000s
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5460, Thread sleep count: 3016 > 30
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5460, Thread sleep count: 6820 > 30
              Source: C:\Users\user\AppData\Local\RegAsm.exe TID: 5264, Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\RegAsm.exe TID: 6388, Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\RegAsm.exe TID: 6528, Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\RegAsm.exe TID: 3552, Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\RegAsm.exe TID: 6204, Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, File Volume queried: C:\ FullSizeInformation
              Source: RegAsm.exe, 00000003.00000002.4488935584.0000000000CB7000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Process token adjusted: Debug
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Process token adjusted: Debug
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe, Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: 0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack, RunPE.cs, Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
              Source: 0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack, RunPE.cs, Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
              Source: 0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack, RunPE.cs, Reference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num2, length, 12288, 64)
              Source: 0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack, RunPE.cs, Reference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num4, payload, bufferSize, ref bytesRead)
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000Jump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 40A000Jump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 40C000Jump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 9F4008Jump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
              Source: C:\Users\user\Desktop\NIENrB5r6b.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RegAsm" /tr "C:\Users\user\AppData\Local\RegAsm.exe"Jump to behavior
              Source: RegAsm.exe, 00000003.00000002.4489768167.0000000002922000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $]q'PING!<Xwormmm>Program Manager<Xwormmm>0Te]qT
              Source: RegAsm.exe, 00000003.00000002.4489768167.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4489768167.0000000002922000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: RegAsm.exe, 00000003.00000002.4489768167.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4489768167.0000000002922000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managert-]q
              Source: RegAsm.exe, 00000003.00000002.4489768167.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4489768167.0000000002922000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
              Source: RegAsm.exe, 00000003.00000002.4489768167.0000000002CB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $]q'PING!<Xwormmm>Program Manager<Xwormmm>0Te]q@
              Source: RegAsm.exe, 00000003.00000002.4489768167.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4489768167.0000000002922000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: @\]q@\]q'PING!<Xwormmm>Program Manager<Xwormmm>0
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe; Queries volume information: C:\Users\user\Desktop\NIENrB5r6b.exe VolumeInformation
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\RegAsm.exe; Queries volume information: C:\Users\user\AppData\Local\RegAsm.exe VolumeInformation
              Source: C:\Users\user\Desktop\NIENrB5r6b.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: RegAsm.exe, 00000003.00000002.4488935584.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: es%\Windows Defender\MsMpeng.exe
              Source: RegAsm.exe, 00000003.00000002.4488935584.0000000000C71000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4488935584.0000000000CB7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4491969795.0000000006100000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

              Stealing of Sensitive Information

              Source: Yara match; File source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.NIENrB5r6b.exe.30aaad8.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.NIENrB5r6b.exe.30b5934.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 00000003.00000002.4488360019.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: 00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: NIENrB5r6b.exe PID: 4432, type: MEMORYSTR
              Source: Yara match; File source: Process Memory Space: RegAsm.exe PID: 4796, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match; File source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.NIENrB5r6b.exe.309fc94.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.NIENrB5r6b.exe.30aaad8.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.NIENrB5r6b.exe.30b5934.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 00000003.00000002.4488360019.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: 00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: NIENrB5r6b.exe PID: 4432, type: MEMORYSTR
              Source: Yara match; File source: Process Memory Space: RegAsm.exe PID: 4796, type: MEMORYSTR
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Scheduled Task/Job | 312 Process Injection | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              [Figure: Behavior Graph. Behavior Graph ID: 1570403; Sample: NIENrB5r6b.exe; Startdate: 06/12/2024; Architecture: WINDOWS; Score: 100. Recoverable node labels: NIENrB5r6b.exe started RegAsm.exe; that RegAsm.exe dropped C:\Users\user\AppData\Local\RegAsm.exe (PE32), connected to 82.115.223.20, 13001, 49704, 49736 (MIDNET-ASTK-TelecomRU, Russian Federation), and started schtasks.exe and WerFault.exe.]

              Source | Detection | Scanner | Label
              NIENrB5r6b.exe | 63% | ReversingLabs | ByteCode-MSIL.Trojan.Cassiopeia
              NIENrB5r6b.exe | 100% | Avira | TR/Dropper.MSIL.Gen
              NIENrB5r6b.exe | 100% | Joe Sandbox ML |

              Source | Detection | Scanner | Label
              C:\Users\user\AppData\Local\RegAsm.exe | 0% | ReversingLabs |

              No Antivirus matches
              No Antivirus matches

              Source | Detection | Scanner | Label
              82.115.223.20 | 0% | Avira URL Cloud | safe

              No contacted domains info

              Name | Malicious | Antivirus Detection | Reputation
              82.115.223.20 | true | Avira URL Cloud: safe | unknown

              Name | Source | Malicious | Antivirus Detection | Reputation
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | RegAsm.exe, 00000003.00000002.4489768167.00000000028F1000.00000004.00000800.00020000.00000000.sdmp | false | | high

              IP | Domain | Country | ASN | ASN Name | Malicious
              82.115.223.20 | unknown | Russian Federation | 209821 | MIDNET-ASTK-TelecomRU | true

                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1570403
                Start date and time:2024-12-06 22:53:09 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 8m 32s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:22
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:NIENrB5r6b.exe
                renamed because original name is a hash value
                Original Sample Name:e42694fef0ce2a2df003a2babe0cc567e7ba27771a1558aa20a6f4e54053024d.exe
                Detection:MAL
                Classification:mal100.troj.evad.winEXE@19/11@0/1
                EGA Information:
                • Successful, ratio: 14.3%
                HCA Information:
                • Successful, ratio: 96%
                • Number of executed functions: 295
                • Number of non-executed functions: 27
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Override analysis time to 240000 for current running targets taking high CPU consumption
                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Execution Graph export aborted for target RegAsm.exe, PID 2676 because it is empty
                • Execution Graph export aborted for target RegAsm.exe, PID 3032 because it is empty
                • Execution Graph export aborted for target RegAsm.exe, PID 4796 because it is empty
                • Execution Graph export aborted for target RegAsm.exe, PID 5876 because it is empty
                • Execution Graph export aborted for target RegAsm.exe, PID 6532 because it is empty
                • Execution Graph export aborted for target RegAsm.exe, PID 6768 because it is empty
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.
                • VT rate limit hit for: NIENrB5r6b.exe
                Time | Type | Description
                16:53:57 | API Interceptor | 1x Sleep call for process: NIENrB5r6b.exe modified
                16:54:06 | API Interceptor | 7286345x Sleep call for process: RegAsm.exe modified
                22:54:04 | Task Scheduler | Run new task: RegAsm path: C:\Users\user\AppData\Local\RegAsm.exe
                No context
                No context
                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                MIDNET-ASTK-TelecomRU | V5P3YggUcy.exe | malicious | LummaC Stealer | 82.115.223.154
                MIDNET-ASTK-TelecomRU | V5P3YggUcy.exe | malicious | LummaC Stealer | 82.115.223.154
                MIDNET-ASTK-TelecomRU | LiteDBViewer.exe | malicious | LummaC Stealer | 82.115.223.154
                MIDNET-ASTK-TelecomRU | file.exe | malicious | LummaC, Amadey, Clipboard Hijacker, LummaC Stealer | 82.115.223.189
                MIDNET-ASTK-TelecomRU | file.exe | malicious | Clipboard Hijacker | 82.115.223.222
                MIDNET-ASTK-TelecomRU | file.exe | malicious | Clipboard Hijacker | 82.115.223.222
                MIDNET-ASTK-TelecomRU | HnJdZm51Xl.exe | malicious | Amadey, Clipboard Hijacker | 82.115.223.189
                MIDNET-ASTK-TelecomRU | BWuMwnE7tw.exe | malicious | Unknown | 82.115.223.189
                MIDNET-ASTK-TelecomRU | file.exe | malicious | Unknown | 82.115.223.189
                MIDNET-ASTK-TelecomRU | file.exe | malicious | Unknown | 82.115.223.189
                No context
                Match | Associated Sample Name / URL | Detection | Threat Name
                C:\Users\user\AppData\Local\RegAsm.exe | DM6vAAgoCw.exe | malicious | Orcus, Xmrig
                C:\Users\user\AppData\Local\RegAsm.exe | File.exe | malicious | Orcus, Xmrig
                C:\Users\user\AppData\Local\RegAsm.exe | file.exe | malicious | PureLog Stealer, XWorm
                C:\Users\user\AppData\Local\RegAsm.exe | yhYrGCKq9s.exe | malicious | RedLine
                C:\Users\user\AppData\Local\RegAsm.exe | file.exe | malicious | XWorm
                C:\Users\user\AppData\Local\RegAsm.exe | dX0P4SX3vv.exe | malicious | PureLog Stealer, zgRAT
                C:\Users\user\AppData\Local\RegAsm.exe | Digital Agreement Terms and Payments Comprehensive Evaluation.exe | malicious | PureLog Stealer
                C:\Users\user\AppData\Local\RegAsm.exe | Digital Agreement Terms and Payments Comprehensive Evaluation.exe | malicious | PureLog Stealer
                C:\Users\user\AppData\Local\RegAsm.exe | DA92phBHUS.exe | malicious | XWorm
                C:\Users\user\AppData\Local\RegAsm.exe | 1XZFfxyWZA.exe | malicious | RedLine
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:Mini DuMP crash report, 14 streams, Fri Dec 6 21:57:45 2024, 0x1205a4 type
                                    Category:dropped
                                    Size (bytes):306971
                                    Entropy (8bit):3.6364325126872616
                                    Encrypted:false
                                    SSDEEP:3072:CcpDfBc4uEqzyxLTgGur/EqtawlEIzFIuD:pdpc4+yNTgDEqtrFI
                                    MD5:2261D8D131729747802D5C812B2E22DF
                                    SHA1:DA9FFDB44D83671D748DDCA78C207A3F780C1D81
                                    SHA-256:F979D5C07EE6A1E171763B682F83CE909A74706317014BFEC7F23D37381C5D10
                                    SHA-512:5F5B8775675FC98940937439B3C3DEECC826327C740882041058430038EA51EA10E668CDFCBE8AF2B965AD9081B8CA565D31862FDA04A6C6FF72F4CADAC3D348
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):6372
                                    Entropy (8bit):3.721134927679553
                                    Encrypted:false
                                    SSDEEP:192:R6l7wVeJia6geKYZaypro89bLfsfRxs5m:R6lXJf6geKYAKLEf3v
                                    MD5:698CB93871A52B9F60C2484B1CA5B3A0
                                    SHA1:391C3FA1C3A4FE16168524F77F8B587E55463095
                                    SHA-256:AC61C078D39FFD7EFD441A7A1B94378D814C85AA92282D13C8CE070BF3653D6D
                                    SHA-512:DFADDF8601B5569EF9DCB0CA209177118CC973A9B7A3814D002D1B7838454C92AB57CBB8EA1BE4E2B47D97C420D61DF83694F5BA567F97B6F9D7DF6DA48E4DA0
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):4715
                                    Entropy (8bit):4.44520378256987
                                    Encrypted:false
                                    SSDEEP:48:cvIwWl8zsZjJg77aI9HMWpW8VYMYm8M4JfuXmCtFBFRK+q8vZXmC06QgLuOLuLrd:uIjfPI79l7VIJfuX5IKZX59BukuLrd
                                    MD5:2225E4EBBB703A416288DD99ED6EFF3A
                                    SHA1:14230EAB15CDEB521E305DF42115514E976AD0D6
                                    SHA-256:9E74FF6E8EB9A2B2C473E5EF8C770AEDCE94D4B4E189DF707424A4B52E7A7B73
                                    SHA-512:02D2B6FC12D6BAECD93BDC5A27EEF0E0AFD779C7314A370BCF859E2C5D8AFA6A0FB4447C8E4FE9DB8FD35D2B370AF1F25024C7F31EAC8006610838D5EA5E3206
                                    Malicious:false
                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="619980" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                    Process:C:\Users\user\Desktop\NIENrB5r6b.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1299
                                    Entropy (8bit):5.342376182732888
                                    Encrypted:false
                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4xLE4qE4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0H6
                                    MD5:D62639C5676A8FA1A0C2215824B6553A
                                    SHA1:544B2C6E7A43CE06B68DF441CC237AB7A742B5CD
                                    SHA-256:761379FF547D28D053F7683499D25F7F1B5523CC7262A2DA64AF26448F7E2D76
                                    SHA-512:5B46D1BDB899D8FA5C7431CA7061CDD1F00BE14CD53B630FAB52E52DA20F4B2BED405F932D7C0E9D74D84129D5BB5DE9B32CC709DA3D6995423E2ED91E92ACD3
                                    Malicious:true
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                    Process:C:\Users\user\AppData\Local\RegAsm.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):42
                                    Entropy (8bit):4.0050635535766075
                                    Encrypted:false
                                    SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                    MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                    SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                    SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                    SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                    Malicious:false
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):65440
                                    Entropy (8bit):6.049806962480652
                                    Encrypted:false
                                    SSDEEP:768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY
                                    MD5:0D5DF43AF2916F47D00C1573797C1A13
                                    SHA1:230AB5559E806574D26B4C20847C368ED55483B0
                                    SHA-256:C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
                                    SHA-512:F96CF9E1890746B12DAF839A6D0F16F062B72C1B8A40439F96583F242980F10F867720232A6FA0F7D4D7AC0A7A6143981A5A130D6417EA98B181447134C7CFE2
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Joe Sandbox View:
                                    • Filename: DM6vAAgoCw.exe, Detection: malicious
                                    • Filename: File.exe, Detection: malicious
                                    • Filename: file.exe, Detection: malicious
                                    • Filename: yhYrGCKq9s.exe, Detection: malicious
                                    • Filename: file.exe, Detection: malicious
                                    • Filename: dX0P4SX3vv.exe, Detection: malicious
                                    • Filename: Digital Agreement Terms and Payments Comprehensive Evaluation.exe, Detection: malicious
                                    • Filename: Digital Agreement Terms and Payments Comprehensive Evaluation.exe, Detection: malicious
                                    • Filename: DA92phBHUS.exe, Detection: malicious
                                    • Filename: 1XZFfxyWZA.exe, Detection: malicious
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0.............^.... ........@.. ....................... .......F....`.....................................O.......8................A........................................................... ............... ..H............text...d.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................@.......H........A...p..........T................................................~P...-.r...p.....(....(....s.....P...*..0.."........(......-.r...p.rI..p(....s....z.*...0..........(....~P.....o......*..(....*n(.....(..........%...(....*~(.....(..........%...%...(....*.(.....(..........%...%...%...(....*V.(......}Q.....}R...*..{Q...*..{R...*...0...........(.......i.=...}S......i.@...}T......i.@...}U.....+m...(....o .....r]..p.o!...,..{T.......{U........o"....+(.ra..p.o!...,..{T.......
                                    Process:C:\Users\user\AppData\Local\RegAsm.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1049
                                    Entropy (8bit):4.286073681226177
                                    Encrypted:false
                                    SSDEEP:24:z3d3+DO/0XZd3Wo3opQ5ZKBQFYVgt7ovrNOYlK:zNODBXZxo4ABV+SrUYE
                                    MD5:402278578416001C915480C7040F2964
                                    SHA1:B4833865ECE3609EC213509D4AB7D7A195C00753
                                    SHA-256:86E0747C9B54AA9AACB788589E70E19279DF13F1393795E689342AF3302912E1
                                    SHA-512:473600FBC051B22E9E7A6FBE1694ED736CF90DE5A8DF92AF1FA9A85DDD97379CFF0E8A5DF89937AE083BEBEFC81C407A907D0FB5ED9019BEDF6FB4703838321B
                                    Malicious:false
                                    Preview:Microsoft .NET Framework Assembly Registration Utility version 4.8.4084.0..for Microsoft .NET Framework version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....Syntax: RegAsm AssemblyName [Options]..Options:.. /unregister Unregister types.. /tlb[:FileName] Export the assembly to the specified type library.. and register it.. /regfile[:FileName] Generate a reg file with the specified name.. instead of registering the types. This option.. cannot be used with the /u or /tlb options.. /codebase Set the code base in the registry.. /registered Only refer to already registered type libraries.. /asmpath:Directory Look for assembly references here.. /nologo Prevents RegAsm from displaying logo.. /silent Silent mode. Prevents displaying of success messages.. /verbose Displays extra information..
                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):7.26870563860879
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    File name:NIENrB5r6b.exe
                                    File size:139'776 bytes
                                    MD5:a3803c97b3e291029df13c32f4651f14
                                    SHA1:d3e957d79770abb14f7dd94b46d749f69879b32b
                                    SHA256:e42694fef0ce2a2df003a2babe0cc567e7ba27771a1558aa20a6f4e54053024d
                                    SHA512:e931a7c371b20b8ac1f4fabad54f09b37c14817f9b9f3070be16e653b37878952a2be60285361f56c34da04627a918a3c49bdbddd5661c8e9ebf6bd8ffca770f
                                    SSDEEP:3072:Qgr4sxNzeKMvW8ac9JCV2lwW2rgymJuSrcW5y8oHsb:tMa/MvW/VmwW8gySrcW5y8oH
                                    TLSH:5DD3E78C766472CFC857C876DEA82CA4EA5064BB531BC203E45326ED9A0D99BCF151F3
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....XRg............................^7... ...@....@.. ..............................V.....@................................
                                    Icon Hash:00928e8e8686b000
                                    Entrypoint:0x42375e
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x67525811 [Fri Dec 6 01:49:05 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                    Instruction
                                    jmp dword ptr [00402000h]
                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x23710 | 0x4b | .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0x4e0 | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x26000 | 0xc | .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x2000 | 0x21764 | 0x21800 | 9789667d947b80c82747e99aab30b28f | False | 0.7434847248134329 | data | 7.302175192090406 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc | 0x24000 | 0x4e0 | 0x600 | 950923a928bf1aaf3823b54a92e330fd | False | 0.376953125 | data | 3.775961301767102 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc | 0x26000 | 0xc | 0x200 | e987cdcb828e4cad1507cb9b417a5802 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                    RT_VERSION | 0x240a0 | 0x254 | data | | | 0.46476510067114096
                                    RT_MANIFEST | 0x242f4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
                                    DLL | Import
                                    mscoree.dll | _CorExeMain
                                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                    2024-12-06T22:54:17.555801+0100 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49704 | 82.115.223.20 | 13001 | TCP
                                    2024-12-06T22:55:32.897577+0100 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49842 | 82.115.223.20 | 13001 | TCP
                                    TimestampSource PortDest PortSource IPDest IP
                                    Dec 6, 2024 22:56:31.609159946 CET4995013001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:36.318346977 CET4995013001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:36.321064949 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:36.438186884 CET130014995082.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:36.440793037 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:36.442015886 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:36.629908085 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:36.750163078 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:37.367719889 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:37.487560987 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:37.487615108 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:37.607379913 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:37.607439041 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:37.728439093 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:38.159337997 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:38.279361010 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:39.528856993 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:39.649535894 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:39.649591923 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:39.769634962 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:39.769869089 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:39.889743090 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:40.137742043 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:40.257667065 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:40.257720947 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:40.377510071 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:40.754084110 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:40.874042988 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:41.403795958 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:41.523659945 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:41.995074034 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:42.115291119 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:42.136847019 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:42.256669044 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:43.797195911 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:43.917222023 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:43.917275906 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:44.037621021 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:44.037686110 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:44.157740116 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:45.439491034 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:45.559365988 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:46.036050081 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:46.155893087 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:48.117697001 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:48.237546921 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:48.361352921 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:48.481184006 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:49.366749048 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:49.486613035 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:49.486747980 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:49.606468916 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:49.606522083 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:49.726351023 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:51.006927967 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:51.126807928 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:51.494326115 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:51.614173889 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:51.700529099 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:51.820590973 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:51.820637941 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:51.940413952 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:53.425312042 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:53.545187950 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:53.545238972 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:53.664969921 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:53.693490982 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:53.813275099 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:54.115355968 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:54.235272884 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:54.235394955 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:54.355182886 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:54.355232954 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:54.474978924 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:55.439687967 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:55.559571028 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:55.559617043 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:55.679657936 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:55.854811907 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:55.974637032 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:57.692811012 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:57.812813044 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:58.359679937 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:58.359750032 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:58.360121965 CET4998113001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:58.361294031 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:58.479967117 CET130014998182.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:58.481071949 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:58.481278896 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:58.555932999 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:58.675616026 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:59.234217882 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:59.353986025 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:56:59.354089975 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:56:59.473855019 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:01.112251997 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:01.232309103 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:01.518574953 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:01.638526917 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:01.638577938 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:01.758440018 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:01.758490086 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:01.878288031 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:03.607114077 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:03.727031946 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:04.137032032 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:04.257028103 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:05.006305933 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:05.126183987 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:05.519637108 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:05.828747988 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:06.724934101 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:06.844791889 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:06.940557003 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:07.060360909 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:09.593867064 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:09.713749886 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:09.723373890 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:09.843107939 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:10.362099886 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:10.482095003 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:11.415832996 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:11.535600901 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:11.535656929 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:11.655416965 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:11.913172007 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:12.033174038 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:12.033229113 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:12.153033972 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:12.153120995 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:12.272958040 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:13.424266100 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:13.544703960 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:13.544770956 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:13.664609909 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:13.664666891 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:13.784471035 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:14.349319935 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:14.469388962 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:14.475977898 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:14.595741034 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:15.496366978 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:15.617613077 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:15.617676973 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:15.737495899 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:15.737566948 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:15.857964039 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:15.858123064 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:15.977941990 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:16.236742020 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:16.356609106 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:16.356668949 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:16.476538897 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:17.418807030 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:17.538669109 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:17.538816929 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:17.658587933 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:18.062246084 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:18.182074070 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:18.253444910 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:18.373313904 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:19.422338963 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:19.542246103 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:19.542306900 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:19.662139893 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:19.898972034 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:20.018861055 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:20.360040903 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:20.360157013 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:25.255852938 CET4998213001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:25.256619930 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:25.375727892 CET130014998282.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:25.376362085 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:25.380117893 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:25.432004929 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:25.551820040 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:25.551868916 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:25.671644926 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:25.962238073 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:26.082103014 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:26.082173109 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:26.201867104 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:26.317137003 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:26.436903954 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:27.618443012 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:27.738404036 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:27.738476992 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:27.858237982 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:29.457649946 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:29.577498913 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:29.577553988 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:29.697346926 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:31.582531929 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:31.702346087 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:31.826229095 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:31.946023941 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:34.122987032 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:34.242902040 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:34.430686951 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:34.550654888 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:35.135859013 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:35.255743027 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:35.307039976 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:35.427155018 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:35.557315111 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:35.677138090 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:35.785001040 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:35.904886961 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:35.912904978 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:36.032711983 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:36.032768011 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:36.152546883 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:36.152699947 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:36.272433996 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:37.116302013 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:37.236515999 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:37.493710995 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:37.613573074 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:37.613626003 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:37.733376980 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:38.018335104 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:38.138219118 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:39.600003958 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:39.721389055 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:39.721447945 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:39.841224909 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:39.841285944 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:39.961461067 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:41.503139973 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:41.623009920 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:42.232243061 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:42.352467060 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:42.929853916 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:43.050189972 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:43.525187969 CET4998313001192.168.2.582.115.223.20
                                    Dec 6, 2024 22:57:43.645025015 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:47.282315969 CET130014998382.115.223.20192.168.2.5
                                    Dec 6, 2024 22:57:47.282473087 CET4998313001192.168.2.582.115.223.20

                                    Target ID:0
                                    Start time:16:53:56
                                    Start date:06/12/2024
                                    Path:C:\Users\user\Desktop\NIENrB5r6b.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\NIENrB5r6b.exe"
                                    Imagebase:0xc40000
                                    File size:139'776 bytes
                                    MD5 hash:A3803C97B3E291029DF13C32F4651F14
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.2036230847.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                    Reputation:low
                                    Has exited:true

                                    Target ID:2
                                    Start time:16:53:57
                                    Start date:06/12/2024
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                    Imagebase:0x3e0000
                                    File size:65'440 bytes
                                    MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:3
                                    Start time:16:53:57
                                    Start date:06/12/2024
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                    Imagebase:0x640000
                                    File size:65'440 bytes
                                    MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000003.00000002.4488360019.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000003.00000002.4488360019.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                    Reputation:high
                                    Has exited:false

                                    Target ID:4
                                    Start time:16:54:02
                                    Start date:06/12/2024
                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RegAsm" /tr "C:\Users\user\AppData\Local\RegAsm.exe"
                                    Imagebase:0x8f0000
                                    File size:187'904 bytes
                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:5
                                    Start time:16:54:02
                                    Start date:06/12/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff6d64d0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:6
                                    Start time:16:54:04
                                    Start date:06/12/2024
                                    Path:C:\Users\user\AppData\Local\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\AppData\Local\RegAsm.exe
                                    Imagebase:0xc60000
                                    File size:65'440 bytes
                                    MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Antivirus matches:
                                    • Detection: 0%, ReversingLabs
                                    Reputation:high
                                    Has exited:true

                                    Target ID:7
                                    Start time:16:54:04
                                    Start date:06/12/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff6d64d0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:10
                                    Start time:16:55:01
                                    Start date:06/12/2024
                                    Path:C:\Users\user\AppData\Local\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\AppData\Local\RegAsm.exe
                                    Imagebase:0x6b0000
                                    File size:65'440 bytes
                                    MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:11
                                    Start time:16:55:01
                                    Start date:06/12/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff6d64d0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:12
                                    Start time:16:56:00
                                    Start date:06/12/2024
                                    Path:C:\Users\user\AppData\Local\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\AppData\Local\RegAsm.exe
                                    Imagebase:0x4e0000
                                    File size:65'440 bytes
                                    MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:13
                                    Start time:16:56:00
                                    Start date:06/12/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff6d64d0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:14
                                    Start time:16:57:00
                                    Start date:06/12/2024
                                    Path:C:\Users\user\AppData\Local\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\AppData\Local\RegAsm.exe
                                    Imagebase:0x7ff757150000
                                    File size:65'440 bytes
                                    MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:15
                                    Start time:16:57:24
                                    Start date:06/12/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff6d64d0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:18
                                    Start time:16:57:44
                                    Start date:06/12/2024
                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 1788
                                    Imagebase:0xc00000
                                    File size:483'680 bytes
                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:false

                                    Target ID:20
                                    Start time:16:58:00
                                    Start date:06/12/2024
                                    Path:C:\Users\user\AppData\Local\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\AppData\Local\RegAsm.exe
                                    Imagebase:0xc70000
                                    File size:65'440 bytes
                                    MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:21
                                    Start time:16:58:00
                                    Start date:06/12/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff6d64d0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true


                                      Execution Graph

                                      Execution Coverage:13.5%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:106
                                      Total number of Limit Nodes:9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $eq$,aq$,aq$4c]q$4c]q$heq$heq$heq$|b^q$|b^q$|b^q$$]q$$]q$$]q$c]q$c]q$c]q$c]q${&$(
                                      • API String ID: 0-2467032257
                                      • Opcode ID: d7797203650ef678b88955dc68ca10b18b2995b87461d203b80a09adbc7ae824
                                      • Instruction ID: f749468f3933d0a39728e49621698919112a257aa935ca3176d3b8ae0d285379
                                      • Opcode Fuzzy Hash: d7797203650ef678b88955dc68ca10b18b2995b87461d203b80a09adbc7ae824
                                      • Instruction Fuzzy Hash: 17B24A74B102158FCB14DF29C894A69BBF6FF88700F1589A9E84ADB3A5DB30DD81CB51

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: >e$Hb^q
                                      • API String ID: 0-247287517
                                      • Opcode ID: 4584ab18b6fc0be21074396fb7cfcb03d08e448d4214937642ec2489f4cf4035
                                      • Instruction ID: 3fbf48dc26dafde3f0d15d3d25f9bc121d90c9f06cb2b95ef4289283a40758ee
                                      • Opcode Fuzzy Hash: 4584ab18b6fc0be21074396fb7cfcb03d08e448d4214937642ec2489f4cf4035
                                      • Instruction Fuzzy Hash: 05523A74A202469FCB15DF68C4C4AAEBBF2FF98310F558999E845AB361D730ED41CB90

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: '<$ilB
                                      • API String ID: 0-3294446456
                                      • Opcode ID: 650dfeb2611adcca4620bf2309787843a03c958ea3be72f4c173d999457367a1
                                      • Instruction ID: 9bdc70a12b0fb2617a51b6e087bc5d7b154c03621c68f030c3463cf0e3e8c750
                                      • Opcode Fuzzy Hash: 650dfeb2611adcca4620bf2309787843a03c958ea3be72f4c173d999457367a1
                                      • Instruction Fuzzy Hash: 4EB18732719251DFEB44CF38D8905297FA1BF8629075686A7CA16DF2B2C331DC51CB82

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: .6Ak$h
                                      • API String ID: 0-1444390546
                                      • Opcode ID: 7db56003d0e5f7f753a337c7d311d571d5ac6e8d8f31e416e9d2e46388ee7d27
                                      • Instruction ID: 0ca48f7feef7b25ace7baaa359942aeed2560bc98a32e57325c8443e6149a780
                                      • Opcode Fuzzy Hash: 7db56003d0e5f7f753a337c7d311d571d5ac6e8d8f31e416e9d2e46388ee7d27
                                      • Instruction Fuzzy Hash: C291F572718180DFEB058F38D4A5AEA7FB2EF9625071A84A6DDC68F162C731DD46CB40


                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 789 b046758-b04676f 790 b046775 789->790 791 b04691e-b046956 789->791 792 b046783-b046788 790->792 793 b04677c-b04677e 790->793 794 b04678d-b04678f 790->794 795 b046798-b04679a 790->795 797 b046914-b04691b 792->797 793->797 798 b046791-b046793 794->798 799 b0467c8-b0467dc 794->799 800 b0467a3-b0467af 795->800 801 b04679c-b04679e 795->801 798->797 807 b0467de-b0467e4 799->807 805 b0467b1-b0467b6 800->805 806 b0467bb-b0467bf 800->806 801->797 805->797 806->799 808 b0467c1-b0467c3 806->808 810 b0467f5-b0467f8 807->810 811 b0467e6-b0467f3 807->811 808->797 812 b046816-b04681b 810->812 813 b0467fa-b046814 810->813 814 b04681d-b046821 811->814 812->807 812->814 813->814 818 b046823-b046825 814->818 819 b04682a 814->819 818->797 820 b04682d-b04682f 819->820 823 b046831-b046836 820->823 824 b04683b-b046840 820->824 823->797 825 b046842-b046846 824->825 826 b046848-b04684a 824->826 825->826 827 b04684c 825->827 828 b046856-b04685a 826->828 827->828 828->820 829 b04685c-b046860 828->829 830 b046862-b046864 829->830 831 b046869-b04686f 829->831 830->797 832 b046897-b04689c 831->832 833 b046871-b04687b 831->833 834 b04689f-b0468ab 832->834 833->832 836 b04687d-b046895 833->836 838 b0468dc-b0468e1 834->838 839 b0468ad-b0468b6 834->839 836->832 840 b0468e3-b0468e7 838->840 841 b0468e9-b0468eb 838->841 843 b0468d5-b0468da 839->843 844 b0468b8-b0468d3 839->844 840->841 845 b0468ed 840->845 846 b0468f7-b0468fb 841->846 843->797 844->838 844->843 845->846 846->834 849 b0468fd-b046901 846->849 850 b046907-b046909 849->850 851 b046903-b046905 849->851 853 b046912 850->853 854 b04690b-b046910 850->854 851->797 853->797 854->797
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: m$ m$ m$ m$ m
                                      • API String ID: 0-220326396
                                      • Opcode ID: c79fc939fb30d67ad78462f8e57e63bd3819d80657482f388c62fae1923d9833
                                      • Instruction ID: 87073750a3a300af592b0227600172071e37e313dcccaecfd7baaf5784469c1a
                                      • Opcode Fuzzy Hash: c79fc939fb30d67ad78462f8e57e63bd3819d80657482f388c62fae1923d9833
                                      • Instruction Fuzzy Hash: 1E5192B0F002068FDB6C8E65845427F7BE6AB8AA54F2489BDD512C7244FB32DD85C7A1

                                      Control-flow Graph (legend: Executed / Not Executed)
                                      APIs
                                      • GetCurrentProcess.KERNEL32 ref: 0165A6F6
                                      • GetCurrentThread.KERNEL32 ref: 0165A733
                                      • GetCurrentProcess.KERNEL32 ref: 0165A770
                                      • GetCurrentThreadId.KERNEL32 ref: 0165A7C9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: Current$ProcessThread
                                      • String ID:
                                      • API String ID: 2063062207-0
                                      • Opcode ID: a8fb62ffeb96df7821aa34e007c550b485136f49a84ad2f99a3e5e417fafd532
                                      • Instruction ID: 3166841ed3eba150a721572c9cedbfa6e5501fb4fd43ac9689f804ba61b64b1e
                                      • Opcode Fuzzy Hash: a8fb62ffeb96df7821aa34e007c550b485136f49a84ad2f99a3e5e417fafd532
                                      • Instruction Fuzzy Hash: 805166B09003498FDB59DFA9D948BAEBFF1EF88314F20855DE40AA7250D7345984CF65

                                      Control-flow Graph (legend: Executed / Not Executed)
                                      APIs
                                      • GetCurrentProcess.KERNEL32 ref: 0165A6F6
                                      • GetCurrentThread.KERNEL32 ref: 0165A733
                                      • GetCurrentProcess.KERNEL32 ref: 0165A770
                                      • GetCurrentThreadId.KERNEL32 ref: 0165A7C9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: Current$ProcessThread
                                      • String ID:
                                      • API String ID: 2063062207-0
                                      • Opcode ID: e95f6520277a0f7e993532450a5cdf73fe79ed9e2c14a3c97fcefae950333ddc
                                      • Instruction ID: b21ec3fdbac713d021b65c1067185acda8892f4e817f15cdcfcc4bd4565148cf
                                      • Opcode Fuzzy Hash: e95f6520277a0f7e993532450a5cdf73fe79ed9e2c14a3c97fcefae950333ddc
                                      • Instruction Fuzzy Hash: 0F5155B09003098FDB58DFAAD988BAEBFF1EB88314F208559E409A7350D7356984CF65

                                      Control-flow Graph (legend: Executed / Not Executed)
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (aq$(aq$(aq$`
                                      • API String ID: 0-1997867318
                                      • Opcode ID: 58bcf0c3ce5e209f0a1f3f2adeffd2a685a07ff7bd328a32c379d624ed3cfcb5
                                      • Instruction ID: abc76a71d7923c45a4aeb20ee3e99e6da1708443e68b69661d1a75773b8b1a24
                                      • Opcode Fuzzy Hash: 58bcf0c3ce5e209f0a1f3f2adeffd2a685a07ff7bd328a32c379d624ed3cfcb5
                                      • Instruction Fuzzy Hash: 6C3124317146464FC755DF6DD89096FBBE6EFD93A03248A29E809DB385DE31ED028390

                                      Control-flow Graph (legend: Executed / Not Executed)
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c46b78d4439c29606919db3839dc6cb07f55850bb8ea4b1e58190244177a512f
                                      • Instruction ID: 8a027a9d428b14c53b3a6380af89d74c8edd2482bfba14f53d55cedb21d4c974
                                      • Opcode Fuzzy Hash: c46b78d4439c29606919db3839dc6cb07f55850bb8ea4b1e58190244177a512f
                                      • Instruction Fuzzy Hash: D5637D70A412199FEB259FA4CC94BAEBA72FB88740F1040E9E7097B2D0DB715E84CF55
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: h-ND$$]q
                                      • API String ID: 0-914910118
                                      • Opcode ID: 141f17f7d21a0747652cb9d28828bbf195a310e23b8bffeb5b9bc92967a257ee
                                      • Instruction ID: bc81fce5b4b8d5b8a6800e0839b96a23093ba7bc6f63a236b164ac36180dd4b0
                                      • Opcode Fuzzy Hash: 141f17f7d21a0747652cb9d28828bbf195a310e23b8bffeb5b9bc92967a257ee
                                      • Instruction Fuzzy Hash: DA5122317102418FD7549B7988663AB7FE7FFD5240B28C8B9C846DB7A6CA348C478750
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Te]q$Te]q
                                      • API String ID: 0-3320153681
                                      • Opcode ID: 73524d59f31c588437cbe2a2bf69e6d14ae328808279198dff32b31ee6c456e2
                                      • Instruction ID: 6bfca03c33404c3de1f844fd36db1a396e4055001dfe956565fb687a1aa3825a
                                      • Opcode Fuzzy Hash: 73524d59f31c588437cbe2a2bf69e6d14ae328808279198dff32b31ee6c456e2
                                      • Instruction Fuzzy Hash: 92510430B101868FDB45DFB8C8A66BEBFF6FF85750F188169C54A97265CA318D02CB50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Te]q$Te]q
                                      • API String ID: 0-3320153681
                                      • Opcode ID: 6649fb57720a03570530d8bbeef90719571a19bd465b5e37043ce078fa2450bf
                                      • Instruction ID: 39e93325b03fa15fd2072c78d46885db67c3d80bccf63e6f5ab7e6bfebc1ad32
                                      • Opcode Fuzzy Hash: 6649fb57720a03570530d8bbeef90719571a19bd465b5e37043ce078fa2450bf
                                      • Instruction Fuzzy Hash: E0418471B102198FDB04DFA9C894ABEBAF6BF88750F218569D605EB364CB31DD01CB91
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Te]q$Te]q
                                      • API String ID: 0-3320153681
                                      • Opcode ID: 66be85057fd6406fc545a548d760d7a6a6b4bcec0716c8316f94339050b2586c
                                      • Instruction ID: 94bfd2576d26237bbdf68ed6efa80219d7cde308b4fb870c0a1814fb86a5b050
                                      • Opcode Fuzzy Hash: 66be85057fd6406fc545a548d760d7a6a6b4bcec0716c8316f94339050b2586c
                                      • Instruction Fuzzy Hash: E741A475F0010A8FDB04DFA9C895A7FB7B6FB88740F108529D605EB3A4CA719D01CB51
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: dQ$dQ
                                      • API String ID: 0-3648994286
                                      • Opcode ID: 2026dcb094b799d55846ea94e7a7a6831fde02abe74e17e789890e02b8d5a2dc
                                      • Instruction ID: 267e4501f0a40c959691a4d2a78f4a717c5149e52f33576d46fd4fa0730f464e
                                      • Opcode Fuzzy Hash: 2026dcb094b799d55846ea94e7a7a6831fde02abe74e17e789890e02b8d5a2dc
                                      • Instruction Fuzzy Hash: 82F0E932B292168F8B08DEB8B4854EB77E9EB4813571445BBE00EDB291EF31D940C794
                                      APIs
                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0B231CE6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID:
                                      • API String ID: 963392458-0
                                      • Opcode ID: b7f90cf8b463dafe57234120b9ca60e385a06d591aa8f71022b26fec3e874ff8
                                      • Instruction ID: 73cc7185a79132a366dabce4d22d20dd308c9bf2781b94877c6c0c114d46536f
                                      • Opcode Fuzzy Hash: b7f90cf8b463dafe57234120b9ca60e385a06d591aa8f71022b26fec3e874ff8
                                      • Instruction Fuzzy Hash: E4A18EB1D1021A8FDB24CF69C880BDDBBB2FF49B15F148569D808B7280DB749995CF92
                                      APIs
                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0B231CE6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID:
                                      • API String ID: 963392458-0
                                      • Opcode ID: e7bb0c7ac9e4e6b6c4f11aa6304c179c359c0dc3c6825fe18e69ec1f03ce112b
                                      • Instruction ID: f97fb3f8f2503e7286afb5288ac8ba7dc19c494634546536d1ef8beb7f8cc5c4
                                      • Opcode Fuzzy Hash: e7bb0c7ac9e4e6b6c4f11aa6304c179c359c0dc3c6825fe18e69ec1f03ce112b
                                      • Instruction Fuzzy Hash: 13917CB1D1021A8FDB24CF69C8807EDBBB2BF49B15F148569D808B7280DB749995CF92
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ({
                                      • API String ID: 0-631187086
                                      • Opcode ID: e72424280d64d5c9fa8665a3f2f15dfa6eb1ff74fff29e93b14fc91c3b0eaeab
                                      • Instruction ID: 51901fb9d7e704e0de4092006e8ff391f28336867bb8cf25e23b72e3b6d38fcc
                                      • Opcode Fuzzy Hash: e72424280d64d5c9fa8665a3f2f15dfa6eb1ff74fff29e93b14fc91c3b0eaeab
                                      • Instruction Fuzzy Hash: 5AE19FB0B1060A8BCB59EB6CD89066E77E2FF95744F248539E816DB358EF34DC058B81
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0165EF22
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: 6810d211b0c2a14df280639722629f53de1a52a2beb1d99f743739c077614426
                                      • Instruction ID: f72f38e8b7273b52fc64a027fb83ea69de84a24da860ca753af0617d92f5be5e
                                      • Opcode Fuzzy Hash: 6810d211b0c2a14df280639722629f53de1a52a2beb1d99f743739c077614426
                                      • Instruction Fuzzy Hash: F551BDB1D103099FDF14CF9AD984ADEFBB5BF48310F24812AE819AB210DB75A945CF90
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0165EF22
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: 5e5e88be23d13130ec0e68b43f867dac4aa5dac885fa376a625d79a1bd6fa367
                                      • Instruction ID: a96dbbe876e80e8afe2286dc1885c76abd8611adf77ae064e851566dab6f3a50
                                      • Opcode Fuzzy Hash: 5e5e88be23d13130ec0e68b43f867dac4aa5dac885fa376a625d79a1bd6fa367
                                      • Instruction Fuzzy Hash: 9241A0B1D103499FDF14CF9AC984ADEFBB5BF48310F24812AE819AB210D775A945CF91
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0165A947
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: b448318ef8100145344d687c0ab641283d71abf1fb8dad976bdc4e10ed30231c
                                      • Instruction ID: 5546de4270c08029f097c30c93ea72bbcff62dd62aacdd23e0c213d49776f3da
                                      • Opcode Fuzzy Hash: b448318ef8100145344d687c0ab641283d71abf1fb8dad976bdc4e10ed30231c
                                      • Instruction Fuzzy Hash: 2B417B769002499FCB01CF99D844AEEBFF5FF89310F14805AE959A7361C3359915DFA0
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 01653149
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: 8834390d34295b6eaf05db7081c176b536205b7b3a267c34ceb53062cf490238
                                      • Instruction ID: a0f33541e580d0e9cbc6168dea62355035bf8c222a7df576226d8fc870fb7e4a
                                      • Opcode Fuzzy Hash: 8834390d34295b6eaf05db7081c176b536205b7b3a267c34ceb53062cf490238
                                      • Instruction Fuzzy Hash: 7341F2B0C00719CFDB24CFA9C884BDEBBB1BF49704F20806AD408AB251DB716946CF91
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 01653149
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: 9b0a8a59071a46ef821f9f108eb89174d676034f6886404d740478a3bcadf470
                                      • Instruction ID: 01288ec21557d5587883dbe8b50c261f87ec0a8b4b066cae65dd146ef80775cc
                                      • Opcode Fuzzy Hash: 9b0a8a59071a46ef821f9f108eb89174d676034f6886404d740478a3bcadf470
                                      • Instruction Fuzzy Hash: 9441C1B0C00719CBDB25DFAAC844BDEBBB5BF49704F20806AD409AB251DB75694ACF91
                                      APIs
                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 0AE71541
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039422601.000000000AE70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AE70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_ae70000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: CallProcWindow
                                      • String ID:
                                      • API String ID: 2714655100-0
                                      • Opcode ID: a9fd0152cc1d3ca42523c6b8b9e6cfbb0fc67139ac90f32d36eeb191e510041a
                                      • Instruction ID: 47f14b3b70d0606327d9b613a3e2beafb2eaef6e16f7c5126786768007300271
                                      • Opcode Fuzzy Hash: a9fd0152cc1d3ca42523c6b8b9e6cfbb0fc67139ac90f32d36eeb191e510041a
                                      • Instruction Fuzzy Hash: F14116B49003099FCB18DF99C848AAEBBF6FB88314F25C559D519AB321D735A941CFA0
                                      APIs
                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0B2318B8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID:
                                      • API String ID: 3559483778-0
                                      • Opcode ID: b3bee237b54ee6ee062efe3fbe97069826c7cc96d4e745430b76196df9c3583f
                                      • Instruction ID: 34defc2830d09b3d39e0fb85bb7ab0be05cefffe9ae8be9bf99d9667c3428e88
                                      • Opcode Fuzzy Hash: b3bee237b54ee6ee062efe3fbe97069826c7cc96d4e745430b76196df9c3583f
                                      • Instruction Fuzzy Hash: 9A2135B5D103099FDB10CFA9C984BDEBBF1FF48310F10882AE519A7240C7789554CBA0
                                      APIs
                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0B2318B8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID:
                                      • API String ID: 3559483778-0
                                      • Opcode ID: 54866a80bb8e51ba1694385ca066b5f095588586d8c7051233aa706fb35b7333
                                      • Instruction ID: b355213264cbe6c3286b74e3ea297fa4bedc186fbe284c8dfb836cd930099e6d
                                      • Opcode Fuzzy Hash: 54866a80bb8e51ba1694385ca066b5f095588586d8c7051233aa706fb35b7333
                                      • Instruction Fuzzy Hash: DB2157B1D003099FDB10CFAAC885BDEBBF5FF48310F108429E919A7240C7789950CBA5
                                      APIs
                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0B231998
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: MemoryProcessRead
                                      • String ID:
                                      • API String ID: 1726664587-0
                                      • Opcode ID: c2f45ce763913981f5640ea33608a1776fc2ceedc7bf40ed101de48ff6481538
                                      • Instruction ID: 8e083f95d435e9827d0c24b18dbd165aa40c8dea4c09373d81eb14da2e331dbc
                                      • Opcode Fuzzy Hash: c2f45ce763913981f5640ea33608a1776fc2ceedc7bf40ed101de48ff6481538
                                      • Instruction Fuzzy Hash: BC2148B1D002099FCB10CFAAC985AEEBBF5FF48310F10842AE519A3240C7349555CBA1
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0165A947
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: 0f41171b9dd0c197457904b7279eda4936ddd77152b4fc84f0d7f26b5b44d364
                                      • Instruction ID: 6871c3863374621f3fcaed9b511074e4b2f4384b6cabe6b1e9e9bf94305eb123
                                      • Opcode Fuzzy Hash: 0f41171b9dd0c197457904b7279eda4936ddd77152b4fc84f0d7f26b5b44d364
                                      • Instruction Fuzzy Hash: A02103B5D102099FDB10CFAAD984AEEBBF4FB48320F14842AE918A3310C374A944CF60
                                      APIs
                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0B23170E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: ContextThreadWow64
                                      • String ID:
                                      APIs
                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0B23170E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: ContextThreadWow64
                                      • String ID:
                                      APIs
                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0B231998
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: MemoryProcessRead
                                      • String ID:
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0165A947
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0B2317D6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0B2317D6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID:
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID:
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 01658646
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0B23296D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: MessagePost
                                      • String ID:
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 01658646
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2033864719.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1650000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0B23296D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: MessagePost
                                      • String ID:
                                      APIs
                                      • CloseHandle.KERNELBASE(?), ref: 0B233DB0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 8f899813889fe4696011ac932baa488b07614027a047fe99f120ad16000c5e09
                                      • Instruction ID: 38cfa360f1c697f97bb02eec0e29241d7749e16316f3e8daecca148e4e2096a4
                                      • Opcode Fuzzy Hash: 8f899813889fe4696011ac932baa488b07614027a047fe99f120ad16000c5e09
                                      • Instruction Fuzzy Hash: 321125B5C106498FCB10DF9AC585BDEBBF4EF48320F10845AD558A7340D739A544CFA5
                                      APIs
                                      • CloseHandle.KERNELBASE(?), ref: 0B233DB0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039831161.000000000B230000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B230000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b230000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 042415c8f3da9f0f27920a3f266325025cb11804b7c1045b43346af748d78aba
                                      • Instruction ID: c36d19babab571c26931e9499a7587c48dcabc93ba1282d3d8e57a3318acfe3b
                                      • Opcode Fuzzy Hash: 042415c8f3da9f0f27920a3f266325025cb11804b7c1045b43346af748d78aba
                                      • Instruction Fuzzy Hash: 7D1115B5C103498FCB20DF9AD585BDEBBF4EB48320F24845AD558A7340D739A644CFA5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: sGMp
                                      • API String ID: 0-952699743
                                      • Opcode ID: 7cd55da930a5d4fc75007bcc9563fddd5b8f87be09c6f186586bf51fe4f07aa5
                                      • Instruction ID: cd4ab0768077ae2165b76149d9cc6a45fb772ff7e8f88cf13ea245662d970ce2
                                      • Opcode Fuzzy Hash: 7cd55da930a5d4fc75007bcc9563fddd5b8f87be09c6f186586bf51fe4f07aa5
                                      • Instruction Fuzzy Hash: 66018170E05208DFDB44DFA4A69815DBBF1FB99244F24C4A6C509E7254E6309B518B50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d06116a814b321779cd815e292788c7a8fb4e7b747b534a33ac20a6298581575
                                      • Instruction ID: eecb0bdfe29884c68eee4079fb3905fd4430e63b97737c442c0f28fc169befce
                                      • Opcode Fuzzy Hash: d06116a814b321779cd815e292788c7a8fb4e7b747b534a33ac20a6298581575
                                      • Instruction Fuzzy Hash: 44F138B5B006018FDB59DF2AC489A6EBBF2FF85214F1984A9E546CB361CB34EC01CB51
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a8c3fac4dd0d1e59c9f5197bf3fd47a4d0f95ad13f6250dc3368415b7dc3a98a
                                      • Instruction ID: e12b713ca87abfc280b3e1472511d5323486d9f9c68c18f9998446ba59c03fa7
                                      • Opcode Fuzzy Hash: a8c3fac4dd0d1e59c9f5197bf3fd47a4d0f95ad13f6250dc3368415b7dc3a98a
                                      • Instruction Fuzzy Hash: EBB18AB07406018FDB69CE39C54462BB7E2BF84741F144839E896D7691EB39ED41CB61
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d4b3e5ab90c58685824b2a0b7cb18d95f1759128d24687c2c76d07798ab6263a
                                      • Instruction ID: 7e90b9f901ced3cf8f8abc93c9d76ba3cabcdd353150fd90ff19ff0e6b1b6997
                                      • Opcode Fuzzy Hash: d4b3e5ab90c58685824b2a0b7cb18d95f1759128d24687c2c76d07798ab6263a
                                      • Instruction Fuzzy Hash: B7B17C30624342CFD721CF24D5C4B66BBE6EF60315F4889AAE5498F6A2D379EC85CB50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 144990fa0f58fd271edea71f84a252196060280cfe23b809ba38612cf0ff111f
                                      • Instruction ID: c9a90b166801fc2c470fdd76b2adeb08a5dc3a09a114d58e6125bdcd1835930c
                                      • Opcode Fuzzy Hash: 144990fa0f58fd271edea71f84a252196060280cfe23b809ba38612cf0ff111f
                                      • Instruction Fuzzy Hash: 9F91B2707002058FCB55EB78E8996AFBBB3FFC5300B109829E9029B394CF359D098B95
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 34284f82b3e1c062459b7fb95a46dca19dce1260653eae6807a9e3bbf4d6903f
                                      • Instruction ID: b25a9621fb3764d96660c05f8e549d68c5e96aadb29212b7ce930284faef4052
                                      • Opcode Fuzzy Hash: 34284f82b3e1c062459b7fb95a46dca19dce1260653eae6807a9e3bbf4d6903f
                                      • Instruction Fuzzy Hash: F6A16DB4B002069FDB59DF65D494AAEBBF2FF89300F148069E8199B3A5DB34DC41CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 026c44ac03c91b324350d40f2fc9bfd512d1c312ca48b4f9d0f79e2dfcdc3a75
                                      • Instruction ID: ab7cf11764100725e6abe7ca9e7bfad38bd52f250eb342bcc53bcd3cac2e1d5a
                                      • Opcode Fuzzy Hash: 026c44ac03c91b324350d40f2fc9bfd512d1c312ca48b4f9d0f79e2dfcdc3a75
                                      • Instruction Fuzzy Hash: 94917FB4B002069FDB59DF65D494AAEBBF2FF88300F148468E9199B3A5DB35DC41CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f45300cd95b6f5651123f49579c083d1dc623d5665e11e773524e896a9f85de0
                                      • Instruction ID: 63d81e2306089acf446e122ae70da4ab0b2f5586cf9f4aef279b41305b726b02
                                      • Opcode Fuzzy Hash: f45300cd95b6f5651123f49579c083d1dc623d5665e11e773524e896a9f85de0
                                      • Instruction Fuzzy Hash: 9281A0B0A103058FCB19DF68D9549AEBBF2FF85300B14856AE8569F365DB30AC06CB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 606a16aff0eb60f869d0576785d7668ed54112dd4bcc45a259700810c60d52fe
                                      • Instruction ID: 41471d6f2ceaa24523c966325a837e7c70320c691ae3deb41b8d14983c9cf444
                                      • Opcode Fuzzy Hash: 606a16aff0eb60f869d0576785d7668ed54112dd4bcc45a259700810c60d52fe
                                      • Instruction Fuzzy Hash: 34819D35A0020A9FCB01DFA9C884AEFFBF5FF88310F148566E915E7251D730A995CBA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bf3b9f301ca41f3b1d583bd30c7f4e7dea4d2bdcb3f361a26a27cbeb08efae3b
                                      • Instruction ID: 031ceb614e841d728bda82ed33499acaf628628778073c9d972cabbc4e51db61
                                      • Opcode Fuzzy Hash: bf3b9f301ca41f3b1d583bd30c7f4e7dea4d2bdcb3f361a26a27cbeb08efae3b
                                      • Instruction Fuzzy Hash: 0B818FB06013068FDB29DF28D544A6EBBF2FF88314F248939E916C7255DB34E946CB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3266582de37709280c7c133db486c8ebf632b3147eb945a3d1dffd9b0c230c85
                                      • Instruction ID: 0d349354c1916c7fda61943c8c05f184ec259d5477329b40e27e618e9a995f59
                                      • Opcode Fuzzy Hash: 3266582de37709280c7c133db486c8ebf632b3147eb945a3d1dffd9b0c230c85
                                      • Instruction Fuzzy Hash: 8D819F70A102058FCB19DF68D5949AEBBF2FF85740B248569E816AF365DF30EC06CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4604e77f521c384d43684ba69fe3fade312805c5300ffd98f07e8c22e10c76be
                                      • Instruction ID: f9fa0405176b77fe1fd971afeb7e19044e12f2917bc2067496b44e8f101445cf
                                      • Opcode Fuzzy Hash: 4604e77f521c384d43684ba69fe3fade312805c5300ffd98f07e8c22e10c76be
                                      • Instruction Fuzzy Hash: 4971A370A102058FCB19DF68D5949AEBBF2FF89740B248569E816AF355DF30EC06CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cbb1dc6097076797e13d1ee32826e2207520775189490dfcfe1338916d606f15
                                      • Instruction ID: 00c364b5fd2085d515103eef72ec2f8328422196edce17ade3e2488ae83b4b8d
                                      • Opcode Fuzzy Hash: cbb1dc6097076797e13d1ee32826e2207520775189490dfcfe1338916d606f15
                                      • Instruction Fuzzy Hash: AE718D70A003158FC719DF28C494A6ABBF2FF85310B5585B9E855DB362DB34ED45CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9d42ef8eabe6579b647e2f51558bdb99c427d01a148efc9a74bd57dc3c0ea100
                                      • Instruction ID: b7052d8d7fe538f6bc3f9f2b0e2a36984fdcb6cd1e1aeacd48ff1a21bf13ad2d
                                      • Opcode Fuzzy Hash: 9d42ef8eabe6579b647e2f51558bdb99c427d01a148efc9a74bd57dc3c0ea100
                                      • Instruction Fuzzy Hash: F751D1716286C14FDB674B7898B72F6BFB5EE8726031CC5FAD8D186657D6109807CB00
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 99b6b0f7fe5b1ee3222ee3f003176466da553da820f56924fab78686ebcf4631
                                      • Instruction ID: 4b785fbba2ae734f1977e4406ee77ca945208a74f7ba2a6746df114fa2384dd5
                                      • Opcode Fuzzy Hash: 99b6b0f7fe5b1ee3222ee3f003176466da553da820f56924fab78686ebcf4631
                                      • Instruction Fuzzy Hash: B261D174B102558FDB15DF38C894A6ABBF2FF85744B1584AAE546CB3A1CB31DC02CB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9efdfcfb0662bdbef13210e9fc8ac24e21d412e8ac9b5760f620eed484bccf17
                                      • Instruction ID: 796c58f65a983845cef659780f971d0a6ab39bb0bf534016036148ab4cc2e274
                                      • Opcode Fuzzy Hash: 9efdfcfb0662bdbef13210e9fc8ac24e21d412e8ac9b5760f620eed484bccf17
                                      • Instruction Fuzzy Hash: 62718470A102059FCB19DF65D5949AEBBF2FF89740B248569E816AF354DF30EC06CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a3779f63eb94cd908085902dc2452094615b6ddf3e8d19bb33ef5c676cf1c341
                                      • Instruction ID: 69a7798224a74c9e4ed5ed0dc8c74039590589eb17c5668bbebe89c7a7f3ef0a
                                      • Opcode Fuzzy Hash: a3779f63eb94cd908085902dc2452094615b6ddf3e8d19bb33ef5c676cf1c341
                                      • Instruction Fuzzy Hash: 036174717102058FCB14EF68D898AADBBF2EF89310F158569E815EB3A1DB71DC45CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7c467523335d8745e1ee97a3ab05d31f26cf23f69dfabd99717dab99e100cdb1
                                      • Instruction ID: 5598b28dd610404a6a3e42a6fe9d4cc0cf1312badf1dc99da0cb2ad2e790f8ce
                                      • Opcode Fuzzy Hash: 7c467523335d8745e1ee97a3ab05d31f26cf23f69dfabd99717dab99e100cdb1
                                      • Instruction Fuzzy Hash: 5851B236B10246AFCB12DF69E8808EBBFFAEF892507158466E915C7251C731DC16CBA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2fcafb0bb081e50b3ebd661987048395fbaa46ac5d32bdfef036f69577109887
                                      • Instruction ID: 8307d432b1116fae9f01b3086f18d38cddb0dca6550e5622666a53a48aff5135
                                      • Opcode Fuzzy Hash: 2fcafb0bb081e50b3ebd661987048395fbaa46ac5d32bdfef036f69577109887
                                      • Instruction Fuzzy Hash: 78519174B002168FDB14DF79C854A2ABBE6FF84B44F2584A9E556CB3A1DB31DC02CB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 68dfc52746dbcde3a4621309c430637654f4e6adc9fd1a773e886a4f317ccede
                                      • Instruction ID: e650a05dd9e6daac9165bd8dbbac54818d744fee3f8d364620f5361185310c01
                                      • Opcode Fuzzy Hash: 68dfc52746dbcde3a4621309c430637654f4e6adc9fd1a773e886a4f317ccede
                                      • Instruction Fuzzy Hash: B061A2B5E002198FDB58CFA9C980A9EBBF6FF8C310F14452AE919EB354E7749901CB50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3ee72d49356fb225b2d30022f1c0c47fe1ba32ea962df700b60ac99f1033adf4
                                      • Instruction ID: 6967552bd161a0827a949060fbd7ddf4c688019629a20e64ab7a48ffa3923fec
                                      • Opcode Fuzzy Hash: 3ee72d49356fb225b2d30022f1c0c47fe1ba32ea962df700b60ac99f1033adf4
                                      • Instruction Fuzzy Hash: C551D1716282C18FDB275B7899B72F6BFB4EE8325031CC5FAD9D19A1A7D6118807CB00
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 45566592e4af86f1201a9a5d41f6e5a7c1a792581e3adb0f3af901d859a2ac9b
                                      • Instruction ID: 7949bdddd3beff86b3aca178ae653c364182b46dfa0ac2f29031e612b10b98ee
                                      • Opcode Fuzzy Hash: 45566592e4af86f1201a9a5d41f6e5a7c1a792581e3adb0f3af901d859a2ac9b
                                      • Instruction Fuzzy Hash: 7D7181B0A003069FCB15DF68D484A9EBBF2FF49300B24C969E4599B362D771ED95CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ae28ef6269050c7cac6448f2ad020ec6e4cc45ca02d469ddfd9ab637915fd213
                                      • Instruction ID: 6660b3a1c558ebfa927f33fef453c257f869f24c73a880971243bcf2824eb1f1
                                      • Opcode Fuzzy Hash: ae28ef6269050c7cac6448f2ad020ec6e4cc45ca02d469ddfd9ab637915fd213
                                      • Instruction Fuzzy Hash: 8551AF71A282C14FDB674B7899B72F6BFB5ED8325031CC5FAD9D09A16BD6119807CB00
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7a61b96a84aec2b63b1a483f578c9ea7f1d229517b9df113bbf2716508318d60
                                      • Instruction ID: 054d2ad7ac862c6685bd959e2552ec52917d447cf4a4005bef75c63c7224763b
                                      • Opcode Fuzzy Hash: 7a61b96a84aec2b63b1a483f578c9ea7f1d229517b9df113bbf2716508318d60
                                      • Instruction Fuzzy Hash: 8F51DF71A282C18FDB274F7899B72FABFB4ED8325031C85FAD8D18A167D6118807CB40
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d5853bb258d5546872b8101db48657ef5f31a41e0f17c2819ed2a344fa08300
                                      • Instruction ID: dae426dd0ca01a21c423d5f77265071f9700049b94626924a8217b606d098a51
                                      • Opcode Fuzzy Hash: 8d5853bb258d5546872b8101db48657ef5f31a41e0f17c2819ed2a344fa08300
                                      • Instruction Fuzzy Hash: 11419D716282C18FDB674B7899B72F6BFB4ED8326031C85FAD9D19A167D6118807CB40
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2028727735.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_126d000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                      • Instruction ID: 74c7b5cbfdd79ab84c53b208597655becf3a93cdb46dd67d89d61846bb7d5997
                                      • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                      • Instruction Fuzzy Hash: 7E11BE75604288CFDB12CF54D5C4B15BB61FB84314F24C6A9D9494B696C33BD44ACBA1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 670ccb763411e14e690255481894c1bebf4e7b8b4fa14a3b7809aaf6927c2392
                                      • Instruction ID: eecf9f57e9e1371a4c5d5f58a98fab5b9fa01850bab4ce920fd1463ff303a7cb
                                      • Opcode Fuzzy Hash: 670ccb763411e14e690255481894c1bebf4e7b8b4fa14a3b7809aaf6927c2392
                                      • Instruction Fuzzy Hash: C1016832748216AFD7498A369C4052ABBEBB7C42A0305C537EE05DB3A1D734CD52C7E2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5b4892f53fc5f0aba6a979ca2b9e7e6abb3ae5e0de761c9731b2668e5bf495f4
                                      • Instruction ID: ef9b1913fe6e77ed993424c4be8a5a87a96b8aa0c6ce88de5d660697f0087001
                                      • Opcode Fuzzy Hash: 5b4892f53fc5f0aba6a979ca2b9e7e6abb3ae5e0de761c9731b2668e5bf495f4
                                      • Instruction Fuzzy Hash: 101151756002059FC745DF68C888D5EBBF6FF89364B248569E809CB361C771ED42CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4a551d9a52b5b288ce59d5e2524331e6692c8638dddfdcd6936824450457ce75
                                      • Instruction ID: cb21d6eb6238f3f703f2a50119cf55b95338f79527cf69cf3db82c747c5af680
                                      • Opcode Fuzzy Hash: 4a551d9a52b5b288ce59d5e2524331e6692c8638dddfdcd6936824450457ce75
                                      • Instruction Fuzzy Hash: 4C118B35A1021A9F8B01DFA5E8488AFBBF6FB8C721B008529E519D7354DB309D01CBA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 56dadc2b44620e15ae856b4ee37f75d1dd93a50b5f69c2319f27799e6086b5c4
                                      • Instruction ID: 0271daf0eebae5c3ac401cb8698d21df50714b9e112942d688aa1c555ad0eb58
                                      • Opcode Fuzzy Hash: 56dadc2b44620e15ae856b4ee37f75d1dd93a50b5f69c2319f27799e6086b5c4
                                      • Instruction Fuzzy Hash: 33012432B045918FE7048F7D5840463BBEABBCA260315C97BD918C7766CA389855C791
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7335aabe1f7e588fba4a2e07e24fac5442dd6242bfb36ecfa9badbb24504235f
                                      • Instruction ID: 1ab6e6e03db00e12f3dbb9840c63a2f83f7f332203138f0f85d6d1443fe0224c
                                      • Opcode Fuzzy Hash: 7335aabe1f7e588fba4a2e07e24fac5442dd6242bfb36ecfa9badbb24504235f
                                      • Instruction Fuzzy Hash: 4D112571A04206CBEB05DFA4C9846AFBAF7AF88280B24853AD50AA6390D735AD41CB51
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98391a1b9ac70ca0e92d6beae0cd5c939fbdaf794f11145b9b2a4a7c68ac3e9e
                                      • Instruction ID: 23c676fd060058586e4c4d3f05bd37463bacc04b914bc70e801a77679600df81
                                      • Opcode Fuzzy Hash: 98391a1b9ac70ca0e92d6beae0cd5c939fbdaf794f11145b9b2a4a7c68ac3e9e
                                      • Instruction Fuzzy Hash: 68014431B2425A9FD3499B7C98A0276FBEAFFCA250708C5A6D408C7348CA20DC128391
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b27d97db9644348ecb48ac48b1845c8c14acd89db597d5ea1a808e1fb1bbb383
                                      • Instruction ID: ecd65ed9452baee76b34465f7fbfeff9fd2905a84c2e8e7d36425c10cc90ef29
                                      • Opcode Fuzzy Hash: b27d97db9644348ecb48ac48b1845c8c14acd89db597d5ea1a808e1fb1bbb383
                                      • Instruction Fuzzy Hash: 48014432718105ABE3148F6E9990D67FBE5FB8E3D030584BBE809CB290CB31DC02C291
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 47d2921ce35b39ddd9f5200f13a0806d4879032e22afa1ed4b711e0aa78a9012
                                      • Instruction ID: 49bc67afd12a00699e62a8a4a82a988ca398a4ba7758d3a55aedebdd5225baf9
                                      • Opcode Fuzzy Hash: 47d2921ce35b39ddd9f5200f13a0806d4879032e22afa1ed4b711e0aa78a9012
                                      • Instruction Fuzzy Hash: D50125712007068FC721DF29E88494BBBE2FF853107208A29F8598B625EB70FD558B90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 53aef9938ddf077c405737f3a8a2a5996787734c39c094014b7646dcbfb340f5
                                      • Instruction ID: bec55ca1aa5e82667c86f65d5e2fa8efc09db6043be71a5dfa5f0c682ea5daa8
                                      • Opcode Fuzzy Hash: 53aef9938ddf077c405737f3a8a2a5996787734c39c094014b7646dcbfb340f5
                                      • Instruction Fuzzy Hash: 6C014972F046469FD704DE6A5840097FBE5FBC52A030C827BD01DD6210C374DC11CBA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dae20b6056d6290186d424aabdfa45d87eb5facc2615715e191a2ef9426bf3a9
                                      • Instruction ID: 77985124522084d2226e8f2a57c384d365b3dcc4541bf5b8967ae7a24533356e
                                      • Opcode Fuzzy Hash: dae20b6056d6290186d424aabdfa45d87eb5facc2615715e191a2ef9426bf3a9
                                      • Instruction Fuzzy Hash: 6F0125712007068FC725DF29E88494BBBE6FF85350B10CA29F85A8B665DB70FD558B90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2dbcf033f41f85e332483972a837925e98c4950356eddc6c7689b8dcc8b8cfde
                                      • Instruction ID: 1822e4f826ea37d99f5c009d37a02a12f0cdebcfda45d74a2646a313c18a0808
                                      • Opcode Fuzzy Hash: 2dbcf033f41f85e332483972a837925e98c4950356eddc6c7689b8dcc8b8cfde
                                      • Instruction Fuzzy Hash: 7BF0F632714104A7A7149A6E9980D27FBDAF7C9790701C437E919C7240DA31DC018691
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c671a8fadb94deeb858e1258fb7ab4156d0899fb2c1046d7090af6c9bdcd53c1
                                      • Instruction ID: 931b93dcc5576df6bd9f90465af2edd9f244d1f0f162f605d1dd0132add8fd62
                                      • Opcode Fuzzy Hash: c671a8fadb94deeb858e1258fb7ab4156d0899fb2c1046d7090af6c9bdcd53c1
                                      • Instruction Fuzzy Hash: E8019E30E11309DFCB84DFA4954859CBFF2FB96200F2085AAC545D7254E6308A01CB80
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6db254f7915cfafb1bf2f0ad3c4e2089b41ded7991a2ac4bc9020bd04e57250d
                                      • Instruction ID: 5b31e4ba20df9b6f19c09d020b459c4d750daace9fdb0a8a1bdb037fdd6f1f91
                                      • Opcode Fuzzy Hash: 6db254f7915cfafb1bf2f0ad3c4e2089b41ded7991a2ac4bc9020bd04e57250d
                                      • Instruction Fuzzy Hash: 45F0B47570450597D748DEAAA984A2BFADBFBC8660B04C437E509C7744DE31DC118691
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e4253cefa54631ca463af1b1146b43355725d30c2e858852c848a53e9e637431
                                      • Instruction ID: adba490091e940931027b8de168b169b0f3baae4f946c94eb2d7f6c193268bcc
                                      • Opcode Fuzzy Hash: e4253cefa54631ca463af1b1146b43355725d30c2e858852c848a53e9e637431
                                      • Instruction Fuzzy Hash: 1EF046316041605FC711875CC0E4896BFE9AF8532071689ABD459CB362C720EC838781
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 758b19057708a5b6f960d7ff707d16eb6b2c938b486967563bf8a0e2101de0da
                                      • Instruction ID: a12e039f72281e53943541f69e7408384a1a08ee6f5a84e8e622fc69fb224885
                                      • Opcode Fuzzy Hash: 758b19057708a5b6f960d7ff707d16eb6b2c938b486967563bf8a0e2101de0da
                                      • Instruction Fuzzy Hash: C9F0B475B101195BD74C9A6E9854626F6DBBBC8650B04C466E908C7348DE30DC1183D5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1b19b3851c505653f309d097ad4758b6f28698cfb70a9c1a64d30e1de4374e23
                                      • Instruction ID: 65951883eca83063fb1742ca108b9b1876846a6c17edf7ee097b50396d9c467d
                                      • Opcode Fuzzy Hash: 1b19b3851c505653f309d097ad4758b6f28698cfb70a9c1a64d30e1de4374e23
                                      • Instruction Fuzzy Hash: 57F0F8797106108FC748DA3ED85486A77EBAFCD6A531584B9E60ACB371EFB0DC028A50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5b858db0f8468caa046e302fab21dd7cb0204f87e673dba3383b7de6806b35bb
                                      • Instruction ID: bca60cff15e11037642a5b333f98d87d77e90d237910d00c273318f8f46ed932
                                      • Opcode Fuzzy Hash: 5b858db0f8468caa046e302fab21dd7cb0204f87e673dba3383b7de6806b35bb
                                      • Instruction Fuzzy Hash: 9A01D130F0020CEFDB44DFA5964855DBFF2FB94240F20C0A9C505E3358EA308A11CB80
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f19b4c7912c74902b53e27536b8a7a8e3bb6c7adb4338598330736cb219b9e55
                                      • Instruction ID: 11d73ccf5ed6cf2fb24f9567cc45b5ae867444fc35337a2da14a08a12f5b7ed8
                                      • Opcode Fuzzy Hash: f19b4c7912c74902b53e27536b8a7a8e3bb6c7adb4338598330736cb219b9e55
                                      • Instruction Fuzzy Hash: 97E0D810B193B50FC757677C246802E7FF69BC669075448E6D406CB3C5DD2D9C4643D6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 110d15938f38e1ea5e1de7dde22f95246e9552f48bb48a958622f5b5c3bff40c
                                      • Instruction ID: b7830547541fc350e7894839a645da687734483f89a0e0a469ddd93fca3c1687
                                      • Opcode Fuzzy Hash: 110d15938f38e1ea5e1de7dde22f95246e9552f48bb48a958622f5b5c3bff40c
                                      • Instruction Fuzzy Hash: F0E0DF3530C2901F8703126F68A48AB7FAA8BCA1203290ABAE608C3392CD428C06C750
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a0941398ed409b0bd6b753f709980d0f7c4b9b964cdcb8710d4e3d7c92759c84
                                      • Instruction ID: 8daa80fc501c50f36b2ca77414d771b35497a6443995287b21e6349d268748fc
                                      • Opcode Fuzzy Hash: a0941398ed409b0bd6b753f709980d0f7c4b9b964cdcb8710d4e3d7c92759c84
                                      • Instruction Fuzzy Hash: D6F0B4B1D15350CFCB619F38D94896E7FF4BB4A2507110679E916C6195D2309C40CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 05bd34e207178c10d84448d9851c921f89d1639d0e0d62d74dca8b2aca791c53
                                      • Instruction ID: 7ade97925a26b24206feb1c0cd97e5672d1f4568301bf759028684d253b463ef
                                      • Opcode Fuzzy Hash: 05bd34e207178c10d84448d9851c921f89d1639d0e0d62d74dca8b2aca791c53
                                      • Instruction Fuzzy Hash: 11F0A070A14354CFCB64AF2DD58896ABFF8BF0A280B100468EE06CA24AD731EC00CB90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 76fa447288544f901351fa9e673ff544967f0459dbaec7c7096b1480e28a8813
                                      • Instruction ID: ff811dd472d2d3cdd8a7bdec19cf5ccdda5b1ba51dcb8c26f16c6148269a6c66
                                      • Opcode Fuzzy Hash: 76fa447288544f901351fa9e673ff544967f0459dbaec7c7096b1480e28a8813
                                      • Instruction Fuzzy Hash: EAE09272200625AF8315CE59D980817F7EDFB847607008535E808C7300C731EC41C7D4
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7bb87ad6f53a199a12670dc797ebe01ef7d5511167402768ed999ae28917c7fa
                                      • Instruction ID: 7f8d3494d86f58f5b3689a4e04f83cdb6f41fe4f9e0eaae59bc4ad245bdf8ac7
                                      • Opcode Fuzzy Hash: 7bb87ad6f53a199a12670dc797ebe01ef7d5511167402768ed999ae28917c7fa
                                      • Instruction Fuzzy Hash: 8BF0ED343292818FC314DF18D6908263BE9BF492013040E9AC888CB2A2CA60D944CBA1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039562875.000000000B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b040000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4f721f7a6d7b5e360b6640595f1750a7d662c01be0e8aa160a712fcfec234efe
                                      • Instruction ID: 083480f7aa15ecb527caef246d5330f48c25c2e1c1a3bfb70ea61030d5c82569
                                      • Opcode Fuzzy Hash: 4f721f7a6d7b5e360b6640595f1750a7d662c01be0e8aa160a712fcfec234efe
                                      • Instruction Fuzzy Hash: 6DE04F373001245B87149A4EE404D9ABBADDBD97727058037F608C7360CA71DC5287A4
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2039794557.000000000B210000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B210000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b210000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5f3f03699bd50a978f654a5c30ec2e142d3881a282d491cafbfba3b2a5114ecd
                                      • Instruction ID: 08a3040edb07e9e9f418913f4738edf232e0afcb246eaf076ca40d94719cad4f
                                      • Opcode Fuzzy Hash: 5f3f03699bd50a978f654a5c30ec2e142d3881a282d491cafbfba3b2a5114ecd
                                      • Instruction Fuzzy Hash: A2D0A736714215170715255F78D883FBBDED7CC5753254A3AF60DC3380DD91CC024290
                                      • Instruction Fuzzy Hash: D141A232710605CFDB21CA69D881A5AB7F6FBC4394F14C86BE25BDBA64D234E941CB41
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e859fd98f0d99b571572e4b2cac71ead95c3d21ce1f917f3a72a5b9fa43f43c6
                                      • Instruction ID: 777de747a1e91d43f023db29035e2453a85862bba9183840d2053a4880e1d454
                                      • Opcode Fuzzy Hash: e859fd98f0d99b571572e4b2cac71ead95c3d21ce1f917f3a72a5b9fa43f43c6
                                      • Instruction Fuzzy Hash: 87419F73F1421A8FDF44CFA9C9819AABBB6FF88284F0581A6D905EB355C234DD01CB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0012a9b0ca21b28a935d7b9874c7db55b37b5f6020ec112524faeea8db6a5ee5
                                      • Instruction ID: c9274f7011aac299335e50bd3b22a6ea927e6d1b7cbede809e422835f28241a2
                                      • Opcode Fuzzy Hash: 0012a9b0ca21b28a935d7b9874c7db55b37b5f6020ec112524faeea8db6a5ee5
                                      • Instruction Fuzzy Hash: 9241E372B10605CFDB54CB69D885A6ABBF2EF85350F04886BD56ACBA60C230E941CF01
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f566d5d43f6080e2fc914f9f26b1c330bc80dba81affa3c850bc98cea8bb1ece
                                      • Instruction ID: 787b44f34c3cde1793935a71e13305f95715976890ca25f61836037ba775c2f1
                                      • Opcode Fuzzy Hash: f566d5d43f6080e2fc914f9f26b1c330bc80dba81affa3c850bc98cea8bb1ece
                                      • Instruction Fuzzy Hash: 76414231A142488FEB49CF78C4605EABBF2FF86360B1584AAC485EB251DB34DD06CB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9444eb9c9d1b7c1b20786c7d5e193cc30aae7e977a149c3bc41a487383769618
                                      • Instruction ID: 8d1ab1e8ba2921ed1e4386495a220e2f6ef6d13e08e397b128f415b59459f515
                                      • Opcode Fuzzy Hash: 9444eb9c9d1b7c1b20786c7d5e193cc30aae7e977a149c3bc41a487383769618
                                      • Instruction Fuzzy Hash: 0E41D272B10205CFDB64CB6DD885A6BB7F6FB84350F04C82AE66ACBA54C230E941CF41
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3d451d3acb5af0cf4a0a6ef17c8ebc7f28684b3990604a3f236fe13dade827d2
                                      • Instruction ID: e82ae70c4a14f36185cee343883d4d5839b8862e0deabaa2113eacff0ae13aee
                                      • Opcode Fuzzy Hash: 3d451d3acb5af0cf4a0a6ef17c8ebc7f28684b3990604a3f236fe13dade827d2
                                      • Instruction Fuzzy Hash: 49419236F142198FDF44CF68C9819AEBBF5EF8A280B058166DA05E7361D234DD01CF91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 928bbfd477b446031c952235dcae5e1e835406eb3e36b23f40014fdc6d54435e
                                      • Instruction ID: 735da122630453931dd08685cef2b3d31781febb399e379307a708397049aeef
                                      • Opcode Fuzzy Hash: 928bbfd477b446031c952235dcae5e1e835406eb3e36b23f40014fdc6d54435e
                                      • Instruction Fuzzy Hash: 33316F36F142198BDF44CF69C9819AEFBB5EB89280B158126DA15E7360D634DD01CF92
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cd06ad273d3944bb4dd9d4850e5bede7dbfb2e89e50546cf786ae4aad68d7021
                                      • Instruction ID: 4db07043728caa81783f3383afcb23e93ac0af159d00a012bf5706e1414902ee
                                      • Opcode Fuzzy Hash: cd06ad273d3944bb4dd9d4850e5bede7dbfb2e89e50546cf786ae4aad68d7021
                                      • Instruction Fuzzy Hash: 98318D32F1020A8FDF44CF9DC8959AEF7B6BB89250B548226EA15EB754D234DD02CE91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab29a85c9dd8cb2fcacfbcd12f4f385767f6356d4bd4ff9ed57d24b9edde4cdd
                                      • Instruction ID: dd061a2365746526cbd653f2fd80f2d4aa832ff10f409b7c623cb0a35159beca
                                      • Opcode Fuzzy Hash: ab29a85c9dd8cb2fcacfbcd12f4f385767f6356d4bd4ff9ed57d24b9edde4cdd
                                      • Instruction Fuzzy Hash: 7C41BF30D142088FEB59CF64C1A0A9AFBF2FF85390F15C59AC495AB621CB34E946CB55
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7c2c7e47fd94c22f95680b0175306404cde51d8df3158394bc9f55b24999755d
                                      • Instruction ID: fd07e46e086839d867875c35f9ad9699bc746499c19d76ae21201c4996d54978
                                      • Opcode Fuzzy Hash: 7c2c7e47fd94c22f95680b0175306404cde51d8df3158394bc9f55b24999755d
                                      • Instruction Fuzzy Hash: C031F572F1811ACBEF04CA69D9819AEFFB5ABD4280B018167C606E7251D331DF42CBC2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2035654226.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_2f90000_NIENrB5r6b.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4cbd70dd941a2a091b8e979eeb85cfa1887fb7f109268c63e05981a14d6eccab
                                      • Instruction ID: 5d5da97e5692f8b48db56f56c93a7977cfb7629966e351ca6ea2267c0d981149
                                      • Opcode Fuzzy Hash: 4cbd70dd941a2a091b8e979eeb85cfa1887fb7f109268c63e05981a14d6eccab
                                      • Instruction Fuzzy Hash: 2621AC31E102098FEB48CF94C190AAEB7F2BB99390F21C56AC116BB254DB34EE45CB55
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: de1aafff14cb1104b0f9ef62eea7b501e63f33402dfb51394a93e8a44ebc7fa3
                                      • Instruction ID: 85e2947310651c57df022ef60532847f4a79f6f9956fdbd4b49228233dcda84e
                                      • Opcode Fuzzy Hash: de1aafff14cb1104b0f9ef62eea7b501e63f33402dfb51394a93e8a44ebc7fa3
                                      • Instruction Fuzzy Hash: 4851D3B87102059FD709AB78D814B2E3B9BEFCC300F1184ADD149C77A9DE759C528BA2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f4b3a311eaec9fdd00c53d32ccf85364a692fde16bdab94487e5c1e77448065b
                                      • Instruction ID: 93fad4a347c9715af82ac87a63ef68b30c7a9f96790182fcef6928a9aaa9dc44
                                      • Opcode Fuzzy Hash: f4b3a311eaec9fdd00c53d32ccf85364a692fde16bdab94487e5c1e77448065b
                                      • Instruction Fuzzy Hash: 7E514EB83206059FD748ABB8D814B2E379BEBCC740F11846DA109D77A8DF759C518BA2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6b49d16bb9fe65aaad678a96baaaceebea02543039de8167b35c34f1727d449f
                                      • Instruction ID: 577d612238e86096a678011a5d9d23317980845f3e633d94aa4c9f3d1b788c6b
                                      • Opcode Fuzzy Hash: 6b49d16bb9fe65aaad678a96baaaceebea02543039de8167b35c34f1727d449f
                                      • Instruction Fuzzy Hash: 7C51B971E052568FCB599F7CC8541BE7BF2BF89200B2484BAE885D7355EB388C42C791
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eab2a98c55981f46fe4a19c681bf5de4628feea3a87045162425fb2c2b50b512
                                      • Instruction ID: 915344ac20a164a5bffa33be68d8fd18fe16babc86a54313bb1a8bebafb963b2
                                      • Opcode Fuzzy Hash: eab2a98c55981f46fe4a19c681bf5de4628feea3a87045162425fb2c2b50b512
                                      • Instruction Fuzzy Hash: F641B2753006068FCB09EB79C81867E76E3FFC8700B204969E55A9B398DF399D418B92
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d9d95d3a65942f2e2b065185275f146232a6425e33ee379906b385889a1638ef
                                      • Instruction ID: 4a87a4564b5f2f94b712be048e40223ff6e2c4a00164b31438b4a499208add1b
                                      • Opcode Fuzzy Hash: d9d95d3a65942f2e2b065185275f146232a6425e33ee379906b385889a1638ef
                                      • Instruction Fuzzy Hash: 8041A071A002498FCB14EB79D4547AEBBE6AFC9714F24846DD14AA7344CF3899068B91
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8e59c8a02d7129db177ede759f2ab82e3dade23fc53849cf7f49a42b153fe154
                                      • Instruction ID: cdb0d67aacaf045814925c29eef5e5a255508ff88d5d72244e0bebc20936d674
                                      • Opcode Fuzzy Hash: 8e59c8a02d7129db177ede759f2ab82e3dade23fc53849cf7f49a42b153fe154
                                      • Instruction Fuzzy Hash: D54105B59082858FD701DF69D944AAAFFF0FF89300F19C1AAD444E7352DB38A845CBA1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1e084f81c5f958f1a3f3a1891aa6bfb9040907536ec90ea2155d3583b53bfc9c
                                      • Instruction ID: 399f8db76271634c5d0d47fa200a28596a6ddd494d6fd42acfd1617865316fbf
                                      • Opcode Fuzzy Hash: 1e084f81c5f958f1a3f3a1891aa6bfb9040907536ec90ea2155d3583b53bfc9c
                                      • Instruction Fuzzy Hash: 5241F2B1E00258DFCB14CF99C984BDEBBF5EF48300F20816AE409AB294DB75A945CF91
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1802f9cf2a65eed07a38d1bdeb7f264701d7f28ad1dedea24161af6164e16e27
                                      • Instruction ID: fae2782cdd45b0531c0201899743d49b1d535915e15c13f845841651c4a0d6b2
                                      • Opcode Fuzzy Hash: 1802f9cf2a65eed07a38d1bdeb7f264701d7f28ad1dedea24161af6164e16e27
                                      • Instruction Fuzzy Hash: F83106753006068FCB09AB79C81867D76E3FFC8700B20496CE45A8B798DF399C418BD2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 217e85570217d00ad6424341735e6405dd894e497165c2c92c32f4e98559c8fb
                                      • Instruction ID: 788506c3288822be34cfe76fb191c43f41e32c4a106bbd944aaf977ace398d93
                                      • Opcode Fuzzy Hash: 217e85570217d00ad6424341735e6405dd894e497165c2c92c32f4e98559c8fb
                                      • Instruction Fuzzy Hash: 21410DB0D003489FDB10DFA9C584ADEBFF1FF48310F648429E809AB254DB39A946CB91
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 827fa5295b53d8f1092fcbb321847deaa88afc77bf115aacbd10109bd97b76f3
                                      • Instruction ID: d20b4c3d1a400f5538a4115fda1b54d62eff524d87ee2c6a35980b55d06aad39
                                      • Opcode Fuzzy Hash: 827fa5295b53d8f1092fcbb321847deaa88afc77bf115aacbd10109bd97b76f3
                                      • Instruction Fuzzy Hash: 4C41FFB0D003499FDB10DFA9C484ADEBFF5FF48314F608429E819AB254DB75A945CB91
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 00efae29c3278fb55e3bbbef597b7a76e8ac5dd41b8666f1bd83e1754acf1d25
                                      • Instruction ID: b02dfbedf4ac4e9f63c37f3b3fd99a609611173c21f99eb77f5def7042105256
                                      • Opcode Fuzzy Hash: 00efae29c3278fb55e3bbbef597b7a76e8ac5dd41b8666f1bd83e1754acf1d25
                                      • Instruction Fuzzy Hash: A7215C30A00118DBDB44EBB8E8586EEBAF6AF8C310F604469E582A72D8DF355D41CB65
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 09bf4b77fa6443d6f5b834ee064eb59e67828b45302626954478dab1e643668a
                                      • Instruction ID: ba5f1dbabf5d6156cd85ad69aed9af28f337e9788140bdfc162d562ee23e1830
                                      • Opcode Fuzzy Hash: 09bf4b77fa6443d6f5b834ee064eb59e67828b45302626954478dab1e643668a
                                      • Instruction Fuzzy Hash: 3221C675B002059FCB08AFBD885936FBAE6EFC8710B25842DE54AD7355DE388D068761
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e55f82d9d3eca02a5f9e235746eb207ba5100be045c57debac30b682938c0623
                                      • Instruction ID: a41e6b88b3994fd7b3e5195bbf9f6b7648b8f17bd4ae20611edaccd72c4af91a
                                      • Opcode Fuzzy Hash: e55f82d9d3eca02a5f9e235746eb207ba5100be045c57debac30b682938c0623
                                      • Instruction Fuzzy Hash: 1E31A5B4A0024ADFCB01FF74D844AADBBB6FFC9300F2089A9E405A7355EB745A95CB51
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4676d0a63527f509eb3dec15837f9e15b33777f018ce341f5e7a86e0174ac36a
                                      • Instruction ID: b6756d2952487df6fa70f95f8f04c6a77af70871e4dc010830ac131af103d810
                                      • Opcode Fuzzy Hash: 4676d0a63527f509eb3dec15837f9e15b33777f018ce341f5e7a86e0174ac36a
                                      • Instruction Fuzzy Hash: 4B118471B002065FCB48AFBE485836FBADAEFC8710B15482DD54AD3385DE388C4147A1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a6dfb700ec31fad38abc57e5c23acfcfb0a9b8f198cebfc29b2e33b29f1e8f3a
                                      • Instruction ID: 6d2ae8e0e666489e2ba37620d686d7775895acc6e72322b3d392941b5a8ecb77
                                      • Opcode Fuzzy Hash: a6dfb700ec31fad38abc57e5c23acfcfb0a9b8f198cebfc29b2e33b29f1e8f3a
                                      • Instruction Fuzzy Hash: 702141B4A0020ADFCB05EFB4D844AADBBB6FFC8304F2049A9E505A7354EF745A95CB51
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c99c0b29444870f7b40f74f13448d9c4a9d66398a3f906e7b7312516bb3e2cba
                                      • Instruction ID: 6d689b1b1c04e229adb97d2dcc0d7fa0f86ef674a6e657a00929d65ab5abce07
                                      • Opcode Fuzzy Hash: c99c0b29444870f7b40f74f13448d9c4a9d66398a3f906e7b7312516bb3e2cba
                                      • Instruction Fuzzy Hash: 16115975B0020A9FDB06BBB898187BE3AE6DBC8310F1001A9D909C3398DF750D958781
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d0c5c6110f276d61f01e0da35452f3b72646e5e8ac11c69b6d85df03adebb44
                                      • Instruction ID: ec313bb265442e98ca46d92d6146c2a8c031567e3410109fcb545dec93417e8a
                                      • Opcode Fuzzy Hash: 6d0c5c6110f276d61f01e0da35452f3b72646e5e8ac11c69b6d85df03adebb44
                                      • Instruction Fuzzy Hash: 7F01B1313092404BCB16A73999A466E77E3AFCA158BA9447ED54ACB345CF38DC079711
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 096ee7dbe475c498900b16f4a511c06e5ad14609280623da6ee3807fdda37cb9
                                      • Instruction ID: 484f7b3290c5c7a38ff98dd89e00a39bbe1414f0e94fc30a5561b3325329bba6
                                      • Opcode Fuzzy Hash: 096ee7dbe475c498900b16f4a511c06e5ad14609280623da6ee3807fdda37cb9
                                      • Instruction Fuzzy Hash: 92012474B002169FCB06BBB8D8187BE3AA6EBCC710F104169A609D7398DF754E9587D1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 67cfcf87b07a13db0641b4df57a5b808f4718f838ec4d3490603c69671aa096d
                                      • Instruction ID: 005baaba2f71fe8b0367b097eea97637cd00406cb50a98c7d8755a0c0578ba70
                                      • Opcode Fuzzy Hash: 67cfcf87b07a13db0641b4df57a5b808f4718f838ec4d3490603c69671aa096d
                                      • Instruction Fuzzy Hash: 0C018C72700A054BCA1AEB7DD81812E76E2FB842103108E6DE46A8B695DF389D098BC2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4de58d7c5196aed835f04dee6ef00458e2eab06327ab95bce0be4d5993511312
                                      • Instruction ID: 179195c9d63e787ae72ac932a62055881fb726c0d0a8a1248d0a9208f3ee82c6
                                      • Opcode Fuzzy Hash: 4de58d7c5196aed835f04dee6ef00458e2eab06327ab95bce0be4d5993511312
                                      • Instruction Fuzzy Hash: B01100B5C002498FCB20DF99D588BDEBBF4EB48324F208449D559B7210D339A548CFA5
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 429c2ad24f54de6fcee27a2913600dba3d9c3bacbd6dcc440e131f1e09df0e1a
                                      • Instruction ID: af40385d3e5c125402adea0d4b2e3e79feb0bf265e901adba5e7c487df9a1055
                                      • Opcode Fuzzy Hash: 429c2ad24f54de6fcee27a2913600dba3d9c3bacbd6dcc440e131f1e09df0e1a
                                      • Instruction Fuzzy Hash: 7E01F23490020A8FC704FBB8C855A7E7BB6FF84304B10462CE546A7349DF74A944CBA2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1ca7a5885f40ebeba5fd96ec34434c6d33ba5e19a2e3081ac464f8d2445330bc
                                      • Instruction ID: d0ff0a5514815e8c89c3c20c3764bc42f4f4a3c17e0e932062c0301741cb8df7
                                      • Opcode Fuzzy Hash: 1ca7a5885f40ebeba5fd96ec34434c6d33ba5e19a2e3081ac464f8d2445330bc
                                      • Instruction Fuzzy Hash: 0EF0C83AB044585FCB05E678E4509EF7BF2AFC9604F1481A8D945A7349DB215E07CFE1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5d6c7af5486542894c3c712d778c290e5e0e5ba9d16fc0dbc22c2b74b80e950e
                                      • Instruction ID: e8457bed2d9e668a108b1f209a4ee99ccbcb7877eaeaaeed2ddeb6665c0b7c15
                                      • Opcode Fuzzy Hash: 5d6c7af5486542894c3c712d778c290e5e0e5ba9d16fc0dbc22c2b74b80e950e
                                      • Instruction Fuzzy Hash: 53F0C236B044589FCB009FB9E8195EE7BB0AF89600F4505A9D942BB7A6CA249D068BD1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c9d6af4d371e1c8b0a0156edc1e626acf9e973df7ef4cf89d9dbd19288f44f4c
                                      • Instruction ID: 3bdea9c1531967b4269c0aad2dcf8011e02caaedd7095bfb60d8446ce792d62e
                                      • Opcode Fuzzy Hash: c9d6af4d371e1c8b0a0156edc1e626acf9e973df7ef4cf89d9dbd19288f44f4c
                                      • Instruction Fuzzy Hash: 6B111EB5C002498FCB20CF9AD588BDEBBF4FB48324F208459D559A3200C378A944CFA1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 18619556ee46dc3f47879190e18483f73f166f31be951680e032929583414cef
                                      • Instruction ID: 27fb4d03ed3d361d984bd801b9ce07fe63c36be95e9d629ffbc29f8574db0d12
                                      • Opcode Fuzzy Hash: 18619556ee46dc3f47879190e18483f73f166f31be951680e032929583414cef
                                      • Instruction Fuzzy Hash: D5011A38600910DFCB09EF29E8589687BB1FF8871532585E9E9168F3B8DF75AD05CB40
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0cc3d69a840a44fe33c51cc7098cf4ab84158e1f758d363149f1317158cc9590
                                      • Instruction ID: 83dc0cc08adc95f998eeb46c08ce69422619498763cff7261ee6efed22fcd164
                                      • Opcode Fuzzy Hash: 0cc3d69a840a44fe33c51cc7098cf4ab84158e1f758d363149f1317158cc9590
                                      • Instruction Fuzzy Hash: C20186349082898FD701EBB8C8955BD7F71EF42304B04469DD5C2672AADF745419CB52
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c509de0b0329c03c46eb7a2eda114dcef32250e2a1ad7037b77fbd73b630ba2c
                                      • Instruction ID: fb2224665a9519462e2e959403601efd26a8abcf59adeddc564d2ad98e0d7395
                                      • Opcode Fuzzy Hash: c509de0b0329c03c46eb7a2eda114dcef32250e2a1ad7037b77fbd73b630ba2c
                                      • Instruction Fuzzy Hash: FCF08232B001185FCB04AAB9D8085DE77A5EF89611F410065D502EB394DF349D058BD1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.4489516756.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_1010000_RegAsm.jbxd
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.2100084405.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_12c0000_RegAsm.jbxd
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.2663366101.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_e00000_RegAsm.jbxd
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.3261128578.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_12_2_c20000_RegAsm.jbxd
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.4288484817.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_14_2_29a0000_RegAsm.jbxd
                                      Memory Dump Source
                                      • Source File: 00000014.00000002.4452126861.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_20_2_13b0000_RegAsm.jbxd
                                      • Opcode ID: d53892136428eb5363eb2f22241b33bdbc7710bdd83b7b0504bab2dd49d2800f
                                      • Instruction ID: 613431dacfbddc48f0e44176cd59fac8536905468c6b8e1c5ecced3812c9d78c
                                      • Opcode Fuzzy Hash: d53892136428eb5363eb2f22241b33bdbc7710bdd83b7b0504bab2dd49d2800f
                                      • Instruction Fuzzy Hash: 1AF0E531A0C389AFC715DFF988445CABFFDDE4A214B0080EEE008C3101F63058018761
                                      Memory Dump Source
                                      • Source File: 00000014.00000002.4452126861.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_20_2_13b0000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d02c9b6cb1425f3939dcdf0d03b5a6ca80636fc6b8497780f654869cd06ccad0
                                      • Instruction ID: e608585f0ff92724ab1a7d09ce2fb89a33b98af4536c9507046540f3d7d626b2
                                      • Opcode Fuzzy Hash: d02c9b6cb1425f3939dcdf0d03b5a6ca80636fc6b8497780f654869cd06ccad0
                                      • Instruction Fuzzy Hash: A3E06D32A08109AFDB24EFA9A8485DABFEDEA48262B00806AE00DD2204FA7059408790
                                      Memory Dump Source
                                      • Source File: 00000014.00000002.4452126861.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_20_2_13b0000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e3246b2c99e9521f38a51f44f1467ae19cc170b28bf127105b847aa0c45b9813
                                      • Instruction ID: 4df8b063d1c2911d00c4ce79416d470a3ae5ee8ce5fb64c88324f817d92c0d16
                                      • Opcode Fuzzy Hash: e3246b2c99e9521f38a51f44f1467ae19cc170b28bf127105b847aa0c45b9813
                                      • Instruction Fuzzy Hash: 9EE08C342583885FCB1AAF74BA38A953FB8AB0A304B5404E9E4818B2ABC6746940C754
                                      Memory Dump Source
                                      • Source File: 00000014.00000002.4452126861.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_20_2_13b0000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a66897c413126099581c09b180d006fb6cfbec2231dd375d20197033201fb57c
                                      • Instruction ID: 23481285126b6660ec98fc3646a0771f5f406b9ecee0c582856546b05e87a59f
                                      • Opcode Fuzzy Hash: a66897c413126099581c09b180d006fb6cfbec2231dd375d20197033201fb57c
                                      • Instruction Fuzzy Hash: 3ED0A732E447144BDB207DA5A9051CD3B74DB12350F0440AAD504D7141E62CDB1487D2
                                      Memory Dump Source
                                      • Source File: 00000014.00000002.4452126861.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_20_2_13b0000_RegAsm.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a03342135af544cb792f5821a94d350b1480cd7473d60d6898b4f82b251ef429
                                      • Instruction ID: 1acab977560323c812eafa53a800b7f4a86de0fe57c81b5be24828acaf4162ea
                                      • Opcode Fuzzy Hash: a03342135af544cb792f5821a94d350b1480cd7473d60d6898b4f82b251ef429
                                      • Instruction Fuzzy Hash: 8DD0126454C3C26DEB235B3444653D13FB11F0330CF6C24CEC0C04A0A3C15A4099E357