Windows Analysis Report
305iz8bs.exe

Overview

General Information

Sample name: 305iz8bs.exe
Analysis ID: 1577551
MD5: 5fa4c8f61672a4cc9dd6a58e767d36fe
SHA1: ff0a211e3f6e7ad3abe3bdfb87daafa1c273def7
SHA256: fee35ed8a4d3b5a23b8fe7c153f3db5950a7d3f02b06bd0e2db149889717143f
Tags: 18521511316185215113209bulletproofexeuser-abus3reports

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Potential time zone aware malware
Program does not show much activity (idle)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 305iz8bs.exe (PID: 7612 cmdline: "C:\Users\user\Desktop\305iz8bs.exe" MD5: 5FA4C8F61672A4CC9DD6A58E767D36FE)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.3162877249.00000266A0CB6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.3164875436.00000266A8F50000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.3162877249.00000266A0A86000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
0.2.305iz8bs.exe.266a0ad5308.5.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.305iz8bs.exe.266a0cb6150.2.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.305iz8bs.exe.266a8f50000.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.305iz8bs.exe.266a0d56188.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.305iz8bs.exe.266a0afd340.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: 305iz8bs.exe | Avira: detected
Source: 305iz8bs.exe | ReversingLabs: Detection: 73%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: 305iz8bs.exe | Joe Sandbox ML: detected
Source: 305iz8bs.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: protobuf-net.pdbSHA256}Lq source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp
Source: unknown | TCP traffic detected without corresponding DNS query: 87.120.125.214
Source: 305iz8bs.exe, 00000000.00000002.3161974371.00000266908C4000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: 305iz8bs.exe, 00000000.00000002.3161974371.00000266908C4000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown | Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701

System Summary

Source: 305iz8bs.exe, ConnectionPageMapping.cs | Large array initialization: ViewAlgo: array initializer size 672976
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC614CBC 0_2_00007FFAAC614CBC
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC615AC3 0_2_00007FFAAC615AC3
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC612162 0_2_00007FFAAC612162
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC614E78 0_2_00007FFAAC614E78
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC792F74 0_2_00007FFAAC792F74
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC79A465 0_2_00007FFAAC79A465
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC6F31CC 0_2_00007FFAAC6F31CC
Source: 305iz8bs.exe | Static PE information: No import functions for PE file found
Source: 305iz8bs.exe, 00000000.00000002.3164552792.00000266A8E40000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameNmptgt.dll" vs 305iz8bs.exe
Source: 305iz8bs.exe, 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNmptgt.dll" vs 305iz8bs.exe
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs 305iz8bs.exe
Source: 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs 305iz8bs.exe
Source: 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs 305iz8bs.exe
Source: 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0A86000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNmptgt.dll" vs 305iz8bs.exe
Source: 305iz8bs.exe | Binary or memory string: OriginalFilenameEfjpmaesboh.exe" vs 305iz8bs.exe
Source: 305iz8bs.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 305iz8bs.exe, ComparatorProducerFilter.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 305iz8bs.exe, ConnectionPageMapping.cs | Cryptographic APIs: 'CreateDecryptor'
Source: classification engine | Classification label: mal84.evad.winEXE@1/0@0/1
Source: C:\Users\user\Desktop\305iz8bs.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\305iz8bs.exe | Mutant created: \Sessions\1\BaseNamedObjects\0dc246cb588177472226d5
Source: C:\Users\user\Desktop\305iz8bs.exe | Mutant created: \Sessions\1\BaseNamedObjects\02141e02ea78f4cc5f9de3f79c7ebf0b
Source: 305iz8bs.exe | Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\305iz8bs.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 305iz8bs.exe | ReversingLabs: Detection: 73%
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: atiadlxx.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: atiadlxy.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: nvapi64.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\305iz8bs.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: 305iz8bs.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: 305iz8bs.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: protobuf-net.pdbSHA256}Lq source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: 305iz8bs.exe, ComparatorProducerFilter.cs | .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 305iz8bs.exe, ConnectionPageMapping.cs | .Net Code: ViewAlgo System.Reflection.Assembly.Load(byte[])
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, TypeModel.cs | .Net Code: TryDeserializeList
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, ListDecorator.cs | .Net Code: Read
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, TypeSerializer.cs | .Net Code: CreateInstance
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateInstance
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateIfNull
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, TypeModel.cs | .Net Code: TryDeserializeList
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, ListDecorator.cs | .Net Code: Read
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, TypeSerializer.cs | .Net Code: CreateInstance
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateInstance
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateIfNull
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0ad5308.5.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0cb6150.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.305iz8bs.exe.266a8f50000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0d56188.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0afd340.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0ad5308.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.3162877249.00000266A0CB6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3164875436.00000266A8F50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3162877249.00000266A0A86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: 305iz8bs.exe PID: 7612, type: MEMORYSTR
Source: 305iz8bs.exe | Static PE information: 0x9410C053 [Sat Sep 19 10:56:19 2048 UTC]
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC61201A push eax; ret 0_2_00007FFAAC61206D
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC612060 push eax; ret 0_2_00007FFAAC61206D
Source: 305iz8bs.exe | Static PE information: section name: .text entropy: 7.9606595760936045
Source: C:\Users\user\Desktop\305iz8bs.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\Desktop\305iz8bs.exe | Memory allocated: 2668ED30000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\305iz8bs.exe | Memory allocated: 266A8780000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 180000
Source: C:\Users\user\Desktop\305iz8bs.exe | Window / User API: threadDelayed 1434
Source: C:\Users\user\Desktop\305iz8bs.exe TID: 7724 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\305iz8bs.exe TID: 7724 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\305iz8bs.exe TID: 7616 | Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\Desktop\305iz8bs.exe | System information queried: CurrentTimeZoneInformation
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 60000
Source: 305iz8bs.exe, 00000000.00000002.3165170294.00000266A903F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\305iz8bs.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\305iz8bs.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\305iz8bs.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\305iz8bs.exe | Queries volume information: C:\Users\user\Desktop\305iz8bs.exe VolumeInformation
Source: C:\Users\user\Desktop\305iz8bs.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: 305iz8bs.exe, 00000000.00000002.3165170294.00000266A903F000.00000004.00000020.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3160723917.000002668EC05000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 131 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 141 Virtualization/Sandbox Evasion | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 141 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 22 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 123 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Source | Detection | Scanner | Label
                      305iz8bs.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.Leonem
                      305iz8bs.exe | 100% | Avira | HEUR/AGEN.1358722
                      305iz8bs.exe | 100% | Joe Sandbox ML |
                      No Antivirus matches
                      No contacted domains info
                      Name | Source | Malicious | Antivirus Detection | Reputation
                      https://github.com/mgravell/protobuf-net | 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://github.com/mgravell/protobuf-neti | 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://stackoverflow.com/q/14436606/23354 | 305iz8bs.exe, 00000000.00000002.3161974371.00000266908C4000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://github.com/mgravell/protobuf-netJ | 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 305iz8bs.exe, 00000000.00000002.3161974371.00000266908C4000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://stackoverflow.com/q/11564914/23354; | 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://stackoverflow.com/q/2152978/23354 | 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                    87.120.125.214 | unknown | Bulgaria | 25206 | UNACS-AS-BG8000BurgasBG | false
                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1577551
                                    Start date and time:2024-12-18 15:30:59 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 6m 0s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Run name:Run with higher sleep bypass
                                    Number of analysed new started processes analysed:8
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:305iz8bs.exe
                                    Detection:MAL
                                    Classification:mal84.evad.winEXE@1/0@0/1
                                    EGA Information:Failed
                                    HCA Information:Failed
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                    • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53, 172.202.163.200
                                    • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target 305iz8bs.exe, PID 7612 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • VT rate limit hit for: 305iz8bs.exe
                                    No simulations
                                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                    UNACS-AS-BG8000BurgasBG | https://www.google.gr/url?url=https://pniuvlpkjqhdwff&exox=rvhqtix&eaydny=ysf&gzfds=lqrwiz&nci=qtwmzch&iccvb=yhwtsp&vtqs=avtajyu&oagvzgp=irlq&mvdoc=embwrj&yylmwei=tmn&mntt=qqcvuhkd&lkydbjfiod=izjcgyubqc&q=amp/anre6g6.j%c2%adh%c2%adhn%c2%adt%c2%addd%c2%adsm%c2%ado%c2%admcw%c2%adw%c2%adgu%c2%adno.com%e2%80%8b/99twfh3p8&gcyx=ncgobia&yfevoul=wtloixvv&hukl=qfkmtky&nlhwnbr=bwkoiopy&eqfw=bmcpntp&vlvegw=zdbpajeyq&ghrv=kcdfwrl&kyddme=myxsnvtxf&asco=mgumegd&dvvibf=hzfexefeg&osme=bdyguyp&njtjvd=bkelfwmxg&bxrb=ltpyjsv&girpat=lswjchrwc&qapj=wwwowde&vahefc=ghseyzgyf&ahaj=zfqmkuo&pfsfeu=ttucmtamu&sffs=oxaajjo&hbwhgy=mgfzglmmo&bdwl=oifsufx&befsmv=jskhtmnps&sfjy=powmsnr&zixjqp=jyttdwbmu&fzkp=hztiqjm&jmzuvc=ufyoeqgfi&zujr=jxtbdtg&plvxoh=fxumxxddw&nkin=ykbzrdh&lghzli=agvbttfta&suag=ioudcjc&zpptpx=dxacgdnox&hmfz=yueoymp&fnshpz=wgayslegy&gjtg=qcjjozv&rymask=thcxzfpca&zcgn=ywtonnx&kqrpog=kgfvcqswk&imwa=wlvocxf&ggqznt=budaflbgp&zjhr=zscgach&esrhmq=qjdngljnl&ppoz=nhwzlik&zejsqg=vnvpaymyl&dnqb=kjswpyt&kunwbg=pzauoqliz&bqlz=qabnsnu&dlfnsr=dakxdfzen&uffg=uwnswdr&ywjevz=bnvkfavcb&rrob=celdmvn&czdusr=sjfjazfqw&ipgr=exylggn&fltcvh=sdfsricvf&byfs=apntxot&javhwh=nyphchiee&owbh=haflpez&mbyvqw=pdzpxeedx&ejov=taakkyw&oylsfz=qnzuplrnz&hxrq=ovegslq&duqjcc=pjwdpyvec&uoec=pjouxrb&eiezwk=okbkttiao&knji=kcmfaqe&qmathj=vymnqrvxa&gajs=riewukz&czxhiu=uysriqpma&avwe=gssbenk&jnwgpb=iqkroelwx&sjyt=zhxfzpx&liqoqs=bbajxgpxm&dqqu=ztzooam&haagcu=gkijlwgjy&mnsq=uervedi&yckhpb=ngqrbrqpc&pkne=nwisdfz&eqsiqu=mlrhvpuav | malicious | Unknown | 87.120.114.172
                                     | 17.12.2024 ________.exe | malicious | RedLine | 87.120.120.86
                                     | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | malicious | RedLine | 87.120.120.86
                                     | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 87.120.127.228
                                     | file.exe | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig | 87.120.127.228
                                     | 9coH9ASP3h.exe | malicious | AveMaria, UACMe | 87.120.121.160
                                     | Estado.de.cuenta.xls | malicious | AveMaria, UACMe | 87.120.121.160
                                     | https://0388net.cc | malicious | Unknown | 87.120.125.144
                                     | https://0388net.cc | malicious | Unknown | 87.120.125.144
                                    No created / dropped files found
                                    File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):7.956610214240376
                                    TrID:
                                    • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                    • Win64 Executable GUI (202006/5) 46.43%
                                    • Win64 Executable (generic) (12005/4) 2.76%
                                    • Generic Win/DOS Executable (2004/3) 0.46%
                                    • DOS Executable Generic (2002/1) 0.46%
                                    File name:305iz8bs.exe
                                    File size:731'136 bytes
                                    MD5:5fa4c8f61672a4cc9dd6a58e767d36fe
                                    SHA1:ff0a211e3f6e7ad3abe3bdfb87daafa1c273def7
                                    SHA256:fee35ed8a4d3b5a23b8fe7c153f3db5950a7d3f02b06bd0e2db149889717143f
                                    SHA512:c0dd84684fba2a40e68193dbd1f0f7f57ff52cab092ca01cadd2f68c2fc53de8905278e8c2c3ec00ee68e5e6624c563d7f194f1403a4ec6e7bc7e94068a27ac9
                                    SSDEEP:12288:2DwJcxGJshukSy2mmqPA61ALUYFm8pYjP7Pca2VJTTQL7HhOBOYV82WYeNv:y8cxksAkSALACAYY48pYjbca2HqrcBO2
                                    TLSH:C7F423D2B7EB671AD6191A3580AB141102F6935B0B73E60A3EC457FD1E62F898CC1FD2
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...S.................0.. ............... ....@...... .......................`............`...@......@............... .....
                                    Icon Hash:00928e8e8686b000
                                    Entrypoint:0x400000
                                    Entrypoint Section:
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE
                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x9410C053 [Sat Sep 19 10:56:19 2048 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:
                                    Instruction
                                    dec ebp
                                    pop edx
                                    nop
                                    add byte ptr [ebx], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax+eax], al
                                    add byte ptr [eax], al
                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb4000 | 0x570 | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x2000 | 0xb1fb0 | 0xb2000 | 514781d6b01aeabae94b2726c044eeaa | False | 0.9621458589360955 | data | 7.9606595760936045 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc | 0xb4000 | 0x570 | 0x600 | cb3f3214ba9ea469f8260453e4b96ee4 | False | 0.4049479166666667 | data | 3.96017844875821 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                    RT_VERSION | 0xb40a0 | 0x2e4 | data | | | 0.43108108108108106
                                    RT_MANIFEST | 0xb4384 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Dec 18, 2024 15:31:59.275131941 CET | 49701 | 443 | 192.168.2.7 | 87.120.125.214
                                    Dec 18, 2024 15:31:59.275182009 CET | 443 | 49701 | 87.120.125.214 | 192.168.2.7
                                    Dec 18, 2024 15:31:59.275268078 CET | 49701 | 443 | 192.168.2.7 | 87.120.125.214
                                    Dec 18, 2024 15:31:59.953439951 CET | 49701 | 443 | 192.168.2.7 | 87.120.125.214
                                    Dec 18, 2024 15:31:59.953519106 CET | 443 | 49701 | 87.120.125.214 | 192.168.2.7
                                    Dec 18, 2024 15:31:59.953592062 CET | 49701 | 443 | 192.168.2.7 | 87.120.125.214
                                    Dec 18, 2024 15:31:59.953608036 CET | 443 | 49701 | 87.120.125.214 | 192.168.2.7
                                    Dec 18, 2024 15:31:59.953660011 CET | 443 | 49701 | 87.120.125.214 | 192.168.2.7
                                    Dec 18, 2024 15:34:59.964545965 CET | 49975 | 443 | 192.168.2.7 | 87.120.125.214
                                    Dec 18, 2024 15:34:59.964585066 CET | 443 | 49975 | 87.120.125.214 | 192.168.2.7
                                    Dec 18, 2024 15:34:59.964656115 CET | 49975 | 443 | 192.168.2.7 | 87.120.125.214
                                    Dec 18, 2024 15:35:00.002430916 CET | 49975 | 443 | 192.168.2.7 | 87.120.125.214
                                    Dec 18, 2024 15:35:00.002460957 CET | 443 | 49975 | 87.120.125.214 | 192.168.2.7
                                    Dec 18, 2024 15:35:00.002515078 CET | 49975 | 443 | 192.168.2.7 | 87.120.125.214
                                    Dec 18, 2024 15:35:00.002517939 CET | 443 | 49975 | 87.120.125.214 | 192.168.2.7
                                    Dec 18, 2024 15:35:00.002532959 CET | 443 | 49975 | 87.120.125.214 | 192.168.2.7


                                    Target ID:0
                                    Start time:09:31:56
                                    Start date:18/12/2024
                                    Path:C:\Users\user\Desktop\305iz8bs.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\Desktop\305iz8bs.exe"
                                    Imagebase:0x2668e940000
                                    File size:731'136 bytes
                                    MD5 hash:5FA4C8F61672A4CC9DD6A58E767D36FE
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3162877249.00000266A0CB6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3164875436.00000266A8F50000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3162877249.00000266A0A86000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:false

                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: M
                                      • API String ID: 0-3664761504
                                      • Opcode ID: eef79a47be93640245d2fd799c17ccc55a8491908e1b51276a16e1d1b709d9f2
                                      • Instruction ID: 41fd947bdbfb935703a37baa96538a593a200a392176fbd5e9917889ac5eabc9
                                      • Opcode Fuzzy Hash: eef79a47be93640245d2fd799c17ccc55a8491908e1b51276a16e1d1b709d9f2
                                      • Instruction Fuzzy Hash: BA21C06180E7C48FE756D738486A0A87FB0EF17201B0982EFC09ACB0E3DA1D98498781
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: 9f2faffb153877cd80d6dccad69a7fa65f6e322617b1617ee3bcfc8062c8478f
                                      • Instruction ID: 985f302180cdb9ab5fae7ab674a2cb19d1dccf77605d2491e4c60f39e3b596e4
                                      • Opcode Fuzzy Hash: 9f2faffb153877cd80d6dccad69a7fa65f6e322617b1617ee3bcfc8062c8478f
                                      • Instruction Fuzzy Hash: C4113262A0E7D54FEB95C7288864550BFB1FF57220B4A81FBC04CCB0A3D52FD88A8381
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: 9ebb22f02a0870acd73bf37a050d17e28af8b9960c4aabeaa61738b0b7e0a947
                                      • Instruction ID: d85ef7ec9b82ce89cfd100226d2e3ba6c4cda3fdf2c98f204f03d30d13d11c45
                                      • Opcode Fuzzy Hash: 9ebb22f02a0870acd73bf37a050d17e28af8b9960c4aabeaa61738b0b7e0a947
                                      • Instruction Fuzzy Hash: 8B01C875C0F7988FEB85D778445A4A87FB0EF16200F4582EAD40DC70A2D92DD94D8781
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: e1423a4905cc0ec5a3c06c339446adc00f8d442dc86bbc8714f00f51e26f5a01
                                      • Instruction ID: 7a917bab3857c62a7ea90beb33a3b243cb31082b829419ec99d4a1aa4a8cb600
                                      • Opcode Fuzzy Hash: e1423a4905cc0ec5a3c06c339446adc00f8d442dc86bbc8714f00f51e26f5a01
                                      • Instruction Fuzzy Hash: 6D019B7580E788CFEB85D774486A8A87FB0EF56200F4541FAD45DCB1A2D92DD84CC781
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: M
                                      • API String ID: 0-3664761504
                                      • Opcode ID: 7ebbe70d9306599c56be083077463d5981ee5eb9c3164025ce8394a82be4ad74
                                      • Instruction ID: 897ca427f3f38d4baf971aa2c10b2dbab246248f6673e23edec57da55e2fad5c
                                      • Opcode Fuzzy Hash: 7ebbe70d9306599c56be083077463d5981ee5eb9c3164025ce8394a82be4ad74
                                      • Instruction Fuzzy Hash: 52F06D7050D7818FCB1AAA3588588607FA0EF6725174A02DBC481CF1E3DA2CC8C9CB21
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: M
                                      • API String ID: 0-3664761504
                                      • Opcode ID: d0c6eb65bf9dfa66a499f3632cb6d3b5477c62a10e77a042f2814865b58cf335
                                      • Instruction ID: 273d640ba4c908f5d2a97055fd114060deb57af08ae762960a9a7a2f5c2659a9
                                      • Opcode Fuzzy Hash: d0c6eb65bf9dfa66a499f3632cb6d3b5477c62a10e77a042f2814865b58cf335
                                      • Instruction Fuzzy Hash: 2DE06D3050D7818FCB1AAA7488684507F60EF6721179A02DEC045CF1A3DA2DC8C5CB02
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: M
                                      • API String ID: 0-3664761504
                                      • Opcode ID: 827262c1cfe07f62f481f40ecef446eae6d6397d24c1ef9cbcccb539036b559e
                                      • Instruction ID: 3e8c9d1236cbd0eab8570bbd200562247e6fbb5b136c5680b7d24210c000da08
                                      • Opcode Fuzzy Hash: 827262c1cfe07f62f481f40ecef446eae6d6397d24c1ef9cbcccb539036b559e
                                      • Instruction Fuzzy Hash: 6BE0E57154E7C44FD71AA63448294007FA0EF2721034941EFC049CF1A3DA1DCC84C701
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: M
                                      • API String ID: 0-3664761504
                                      • Opcode ID: 582d45073aaec40a4f5f02ea46d256060ef52058b91e6f2b4e69b57fc40e8e05
                                      • Instruction ID: 72360aa5c553eb75a95a2ee1ae494403d3ab42112eace519805db5e7137c319d
                                      • Opcode Fuzzy Hash: 582d45073aaec40a4f5f02ea46d256060ef52058b91e6f2b4e69b57fc40e8e05
                                      • Instruction Fuzzy Hash: A3E0306150E7C44FD71AA63448694547FA0EF6721174952EEC045CB1A7DA1D8885C701
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: M
                                      • API String ID: 0-3664761504
                                      • Opcode ID: 4d496cbef59107326eb0db89c96e54f256694fb06e430d0f56b8bd80fb332902
                                      • Instruction ID: f3be25bcc4947842019feda5af1888e2d04bc57c36f1d6413d671dc2d51d8dab
                                      • Opcode Fuzzy Hash: 4d496cbef59107326eb0db89c96e54f256694fb06e430d0f56b8bd80fb332902
                                      • Instruction Fuzzy Hash: 57E0657150E7C44FD71ADA3448694557FB0EF6720174A41EEC045CF1A3DA1DC889C701
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: M
                                      • API String ID: 0-3664761504
                                      • Opcode ID: 9173004981cfb3af89bd66cc6952113546a409b3c2d894a44389f86aa31bf347
                                      • Instruction ID: e4034434501fc9f8fef652a6f2f351a192a5164ad95252769cceb3196eefe63e
                                      • Opcode Fuzzy Hash: 9173004981cfb3af89bd66cc6952113546a409b3c2d894a44389f86aa31bf347
                                      • Instruction Fuzzy Hash: 38E0923050D7818FC71AAA3488584507F70EF6721174A02DFC045CF1A3DB2DC8C5CB01
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: 66eff2e8d7ba297b7dc8b71bf6e1210b48ecdc98978d8ae0258aa38d768be96d
                                      • Instruction ID: a228085574e7777c3270be8a04f097d85b0b09bf483379c41db94ce7310b2427
                                      • Opcode Fuzzy Hash: 66eff2e8d7ba297b7dc8b71bf6e1210b48ecdc98978d8ae0258aa38d768be96d
                                      • Instruction Fuzzy Hash: AEF0307194E3C48FDB56EB7484798497FB0EE6721074A80EEC089CB0A3E61D9849C701
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: 397b6a6e8c2de298bad0c7f162ad3c979d757c9d601c814a8451ff0505af2b33
                                      • Instruction ID: 8a20389a7881d88ed72a2ede4a6ff5b4efd3aa8c02051a6ca2b51b27a45ae106
                                      • Opcode Fuzzy Hash: 397b6a6e8c2de298bad0c7f162ad3c979d757c9d601c814a8451ff0505af2b33
                                      • Instruction Fuzzy Hash: 1BE01A7194E7C48FCB5AEB7488698447FB0EE6B21078A41EEC159CF1B7E62E8949C701
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: 85be41be3fbe58f87a4ffc5bfbcbc34ca223be1f7d5c0e4cd470a049014a90fa
                                      • Instruction ID: 42466597bb887d263cfe39f73f3bc44974e420caf72cd9fddd59796023033256
                                      • Opcode Fuzzy Hash: 85be41be3fbe58f87a4ffc5bfbcbc34ca223be1f7d5c0e4cd470a049014a90fa
                                      • Instruction Fuzzy Hash: E2E0127154F7D04FCB5ADB7488698447FA0EE6721074A41DEC149CF1B3D62EC849C701
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: I
                                      • API String ID: 0-3707901625
                                      • Opcode ID: 604760e97e116bdf39caf340d0568b22c9bb6f9d766eac39fe42735eee3fb4fc
                                      • Instruction ID: 0ea72ac5d93b52f500d3674add60ef47ee5c92bf792d0be9c6d4c788fcf0f387
                                      • Opcode Fuzzy Hash: 604760e97e116bdf39caf340d0568b22c9bb6f9d766eac39fe42735eee3fb4fc
                                      • Instruction Fuzzy Hash: 6BE01A7154E3C04FCB06EB348869A447FA0EF6B211B8B41EEC14ACB1B3E66D8849C701
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166091638.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac6f0000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7a72a5cc067cc5382e23d800fc02285bd58f4ab4336e88ff0e2ac9e3d69f5082
                                      • Instruction ID: 888c863077b6d4b2714db22f32dd8acfb6e59c495376d8b55253d3959951a519
                                      • Opcode Fuzzy Hash: 7a72a5cc067cc5382e23d800fc02285bd58f4ab4336e88ff0e2ac9e3d69f5082
                                      • Instruction Fuzzy Hash: DC42E352B1EF8A8BF796D32C446523526D2EFDA350B58B57AD01EC32D7ED18EC0A42C1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6c645d5100ae85bf10bac32f4aee5e05553e32b52161dab6f4b8288da7e49cad
                                      • Instruction ID: 2f5204a3e02b563449890f5b774a60bf40e53b23cb79c14b20630356180c363c
                                      • Opcode Fuzzy Hash: 6c645d5100ae85bf10bac32f4aee5e05553e32b52161dab6f4b8288da7e49cad
                                      • Instruction Fuzzy Hash: 8A224962A0DA4A8FF799D73C84556B57BE1FF96310B1481BAD04ECB2D3DD1DE80A8381
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166091638.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac6f0000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b2a114dc67ad87592cb245256381338d1aecc38cc43029cf1d212a34082f3761
                                      • Instruction ID: 1d25ab1a6471107ad1319721436198f2b0a16858ff3e0e76f0058dd1798a8f9c
                                      • Opcode Fuzzy Hash: b2a114dc67ad87592cb245256381338d1aecc38cc43029cf1d212a34082f3761
                                      • Instruction Fuzzy Hash: F9F18551B1EF5A8AF5ABE32C01652B912C2DFD63A0B54B57AD01EC72C6ED1CE80A42C5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e8d1c5c51e2821cf954d2eb6c4bbfd0ce1530b46a1d145f6fae882e283b73755
                                      • Instruction ID: ba358e87eb94c33fbfec0d13ecf0efe3ac6b7d16b7da21f44b9008f6944e2217
                                      • Opcode Fuzzy Hash: e8d1c5c51e2821cf954d2eb6c4bbfd0ce1530b46a1d145f6fae882e283b73755
                                      • Instruction Fuzzy Hash: 0ED1086A90D6958FF712E73C98A65FA7BA0EF43325F0891B6C18DC7193ED18D44A83C1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9c7cfe50383d2d05f739fd47afd03a66a075a781ca343fd0adb5aa34b863f0b4
                                      • Instruction ID: 99653661c654e7666c179ba2c4d1a6d0100fca29d7cf218d8ecaaf401622ee1a
                                      • Opcode Fuzzy Hash: 9c7cfe50383d2d05f739fd47afd03a66a075a781ca343fd0adb5aa34b863f0b4
                                      • Instruction Fuzzy Hash: E7918AB191D6864FE705EB7CC4656B9BFE0EF5A310B1445FED08EC72A3CA24A44A8341
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a678287820088ecffcea439869b5d26d09a80d2c7f15ecbf05ee32de27a356fa
                                      • Instruction ID: 9c788fb0b160933dd0b31cb68e398b6425b8c0032c78715c7d9e724200514f7e
                                      • Opcode Fuzzy Hash: a678287820088ecffcea439869b5d26d09a80d2c7f15ecbf05ee32de27a356fa
                                      • Instruction Fuzzy Hash: B35157B1A0D5864FD745EB3C94656FA7FE0EF86320B1845FED0CDCB1A3C928A44A8391
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 46848d064c7988de2468127e80600c402351d12d0c9b7d10499b124e9469dd4d
                                      • Instruction ID: f1e194c987e74da1e4e0b18037e30139c8b537a351c6fc1bb6dfdd4f09f1c655
                                      • Opcode Fuzzy Hash: 46848d064c7988de2468127e80600c402351d12d0c9b7d10499b124e9469dd4d
                                      • Instruction Fuzzy Hash: 5151376290EB858FF765876C98096B97FF0FF62310F0441BFD0AE87197D629E8098791
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9920326db27b230429e23e5aaf08106485c2e8e28aefa74b26a96d1d312adc1e
                                      • Instruction ID: 85c93d668dafa35d8b732c6de2563097ef7372da344637e38d413f77498c9888
                                      • Opcode Fuzzy Hash: 9920326db27b230429e23e5aaf08106485c2e8e28aefa74b26a96d1d312adc1e
                                      • Instruction Fuzzy Hash: C25117B090E6865FD745DB3884656A67FE1EF5A310B1845FED08DCB2A3CA28E44AC351
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166091638.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac6f0000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c6d06d4b68bf74d70e718838d526f38afebf55c96ed8b1d74f0c6987e5bc9df3
                                      • Instruction ID: 2c42cba9d6c3e31c5dc35c296f9d7b5aacc4781ce73c7a9fd4f039b2b33d5251
                                      • Opcode Fuzzy Hash: c6d06d4b68bf74d70e718838d526f38afebf55c96ed8b1d74f0c6987e5bc9df3
                                      • Instruction Fuzzy Hash: D431BF11B2AF4A8BF6DAD32C455523961C3EFDA350B58B57AD01EC32D6ED28DC0A42C1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0b85df3aba0fe5ea4ec9d6a93b208887a9a3cc94e0dcedbcb80936d2cc1ca9af
                                      • Instruction ID: 948718cfd8c36107d3e8c1b1ac54fa54c531874f4c9c0f19acaa7e30ac48fde9
                                      • Opcode Fuzzy Hash: 0b85df3aba0fe5ea4ec9d6a93b208887a9a3cc94e0dcedbcb80936d2cc1ca9af
                                      • Instruction Fuzzy Hash: 7D31E67080C7888FDB16DB68C855AE9BFF0FF56310F0442AFC089D71A3D624A849CB52
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 35965e39719e36fca044e7ee8b579e5d1c8000b24265a2e0fbdceee317a09dfb
                                      • Instruction ID: ccdf9203fac5ff5732d73907bfcab1d1db4b98ef61db6b0c9d3672f670339238
                                      • Opcode Fuzzy Hash: 35965e39719e36fca044e7ee8b579e5d1c8000b24265a2e0fbdceee317a09dfb
                                      • Instruction Fuzzy Hash: 85F0C22041E7C54FD74B973488A88507FB0AE2710078A01D7C089CB0B3D91D488DC762
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 734765b65f782e9206f772b36b812a6902e47f8529e0cf183447ef490ba1c410
                                      • Instruction ID: 5b25af74a58bab4130b2114780701590094fda3cb46997ffee1ab6c885c6146e
                                      • Opcode Fuzzy Hash: 734765b65f782e9206f772b36b812a6902e47f8529e0cf183447ef490ba1c410
                                      • Instruction Fuzzy Hash: 0AF06D34D0924EDFEB11EF64C0446ADF7B0AF05325F60A5B6C00D87280EAB8A6989BC1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d68145627ba8cde45f538b780a7905be6b9e340c92b00863ddc359bd1c9ef797
                                      • Instruction ID: 8adbfa415a87b247d0a668cccec4d176927ca6ad836aaff54b2770c443137560
                                      • Opcode Fuzzy Hash: d68145627ba8cde45f538b780a7905be6b9e340c92b00863ddc359bd1c9ef797
                                      • Instruction Fuzzy Hash: BFF0ED2245E3CA8FD313D7205922195BF74AF53110F4E96DBC098CF8A3E619951CC756
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1c4752bc2639a5b9b2f7f21f10d04fd43b96752fb412b02f856227b6197246ad
                                      • Instruction ID: 3b20affd8848ae311d91db80b1f9e488c5bd53d54d7e295a498e07b31f79846d
                                      • Opcode Fuzzy Hash: 1c4752bc2639a5b9b2f7f21f10d04fd43b96752fb412b02f856227b6197246ad
                                      • Instruction Fuzzy Hash: 27E02B2486E6C38FDF1612783C4A5D0BF60DF5B2B0F8803A1C0A4C71D3DA5D649743A6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6dd9f465fc735188ab0cc455a62ec7802f5ba6fc1193c97bcc0c49c97533cc24
                                      • Instruction ID: e011d35cce12041bd37e902a0ac52086f197af0d55468f1b2f9d58e014c9ee7d
                                      • Opcode Fuzzy Hash: 6dd9f465fc735188ab0cc455a62ec7802f5ba6fc1193c97bcc0c49c97533cc24
                                      • Instruction Fuzzy Hash: 96E09272C1D789CFE761DBB4841A39E7FB0BF25301F85156AC045D7192EB39E2548B82
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6c47968067879ad5802cd14fb3142a5de58350be701a911428a968334202e381
                                      • Instruction ID: f91800739fba408dc8e984871511b7e58f8a6e9a08a481221265f75ca1cd6e91
                                      • Opcode Fuzzy Hash: 6c47968067879ad5802cd14fb3142a5de58350be701a911428a968334202e381
                                      • Instruction Fuzzy Hash: F0E017A280F7D11FE74653B9486E4587FA0ED2722038804EFC1CACF1B3E41E055A8312
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 91337323f8a12ebbb42e41a5bd41adf2aed46a74c6c9d9f8a2e46cb47ac84796
                                      • Instruction ID: 999310e5da73b2b18ff87778a144b117f19dea8eba5fd47bd73cb906dca1b26b
                                      • Opcode Fuzzy Hash: 91337323f8a12ebbb42e41a5bd41adf2aed46a74c6c9d9f8a2e46cb47ac84796
                                      • Instruction Fuzzy Hash: 6AD05E20B11D0D4B9B4CA62D884D430B3D1E7A821279442AAD80AC62A5EC29E8C98B84
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 18d92aceeef1ff57c8e8fe0e175fe62e02f07b214faa9cd0ef5d3d4c6977bde4
                                      • Instruction ID: b2fedeeeebc129b993f10763e91266e865d769c7638afd7846cc0173f0b6693a
                                      • Opcode Fuzzy Hash: 18d92aceeef1ff57c8e8fe0e175fe62e02f07b214faa9cd0ef5d3d4c6977bde4
                                      • Instruction Fuzzy Hash: 4AD05E30B10E0D8B9B4CA62D885C530F3D1E7A92027E45269940AC2291ED2AECC9C780
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ce02369d7bd7a1a91dd38e639fbe5747298bd7d992a629518db80ea470487ca
                                      • Instruction ID: 83e135603927cfc398db4a57adcd0e9af2406ef21815fb89896aaff1d0b884f8
                                      • Opcode Fuzzy Hash: 9ce02369d7bd7a1a91dd38e639fbe5747298bd7d992a629518db80ea470487ca
                                      • Instruction Fuzzy Hash: 3FD05E30B20D0D4B9B4CA62D885C834F3D1F7AA2067949369940AC2291ED2AECC98784
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 83d95be3ffff5317c8761b7fb179963d06348d8f5623338186b6181007058311
                                      • Instruction ID: 37ce211f3e41ab059db88b406199c9d117f9bdc9a2e1497f7db602c4a212acd2
                                      • Opcode Fuzzy Hash: 83d95be3ffff5317c8761b7fb179963d06348d8f5623338186b6181007058311
                                      • Instruction Fuzzy Hash: CCD0C96184F3C14ED703437A0C681947F609CA351438E41EBC8D9CE5A3D45E445BC362
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2856a6cceab23b111046bbff137b9b507fd02fa2c16f1dd3590bab0d4ed68111
                                      • Instruction ID: 841b4ad2a919b99bff57582cb1341948ddc0805e36d9a43e4557530dd80a1313
                                      • Opcode Fuzzy Hash: 2856a6cceab23b111046bbff137b9b507fd02fa2c16f1dd3590bab0d4ed68111
                                      • Instruction Fuzzy Hash: 65D0672055EBC44FC70B973488648503FB0EA2B11574A01CBD485CB1B3D5599D8CC762
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a7ab8cb47b22ed0754b31b1e7cbd85716f55e0f239ab2bcf568a3622b3508d55
                                      • Instruction ID: a06c678aa84226186337bebed9eb747eb47be76e20c2089207271d01a282eb05
                                      • Opcode Fuzzy Hash: a7ab8cb47b22ed0754b31b1e7cbd85716f55e0f239ab2bcf568a3622b3508d55
                                      • Instruction Fuzzy Hash: AFD05EB184F3C14FD7131772499A0C47F60DE2310078918EEC8C588653E42E459B8B52
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166091638.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac6f0000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f48902027cb648b2cfd384692881afe1a4ab8c50d340673791859e954aac7b02
                                      • Instruction ID: 747e1283dea36e97968da22a53bda2afd156a12440092d17a52982a4eebec32a
                                      • Opcode Fuzzy Hash: f48902027cb648b2cfd384692881afe1a4ab8c50d340673791859e954aac7b02
                                      • Instruction Fuzzy Hash: DDD0C95172E52683F605A38C68473B8B289CB89710F64B13AE10DC26C7C85EAD8A02C2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a37f3e894db4c980b3d2ea641fbe7fa0a73839b587ff1244c1519cf762e59e08
                                      • Instruction ID: 66ae3b8b8c9bf7c3bdb38ee989aeb75efd801976be89e778aa35199413425cc2
                                      • Opcode Fuzzy Hash: a37f3e894db4c980b3d2ea641fbe7fa0a73839b587ff1244c1519cf762e59e08
                                      • Instruction Fuzzy Hash: 79D01230B61D088F8F5CF73C885997073E1EB6E2167D540A9D00EC72B1EA6ADC89C781
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ab4df61f897efe66eb1eb677ef6282a116ac6514f67a6f1a736b7c9c709b256
                                      • Instruction ID: a140ac9674b94166d3abf086c81fd7293e521de4a1a14041253a68f97a105e20
                                      • Opcode Fuzzy Hash: 6ab4df61f897efe66eb1eb677ef6282a116ac6514f67a6f1a736b7c9c709b256
                                      • Instruction Fuzzy Hash: C7D0C930A619088F8B4CA72C889996072E1EB6A21679540A9D00EC72A1E96AD899C781
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ec17fa8516caff29a5e7aa6035bd561e877a6b39f040db14d3018d921c11308
                                      • Instruction ID: 83c5d2dd9a4b817119a2def1b51fb6092cef4eb9e97de1e4276f2a67f54ddd67
                                      • Opcode Fuzzy Hash: 6ec17fa8516caff29a5e7aa6035bd561e877a6b39f040db14d3018d921c11308
                                      • Instruction Fuzzy Hash: 54D01234B61D088F8B8CF73C8859D7073E1FB6E21679541A9D00EC76B5E96ADC89CB81
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 152277f6255d34857a6b3260db9c6467a7ef9abfca5252ba8554b5f8c40cd78c
                                      • Instruction ID: ab5ff4c5c615731c7e0625069dc51192413e3fc3e8faec02c5fea251394c2fdc
                                      • Opcode Fuzzy Hash: 152277f6255d34857a6b3260db9c6467a7ef9abfca5252ba8554b5f8c40cd78c
                                      • Instruction Fuzzy Hash: 5BD0C930710D084B8F0CB63D885946073D1EBA920A7A4416D940EC6291ED67DC86C741
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 24636a1f4d83fc9debfdeecd02c2b3d2cb8a245de9818b5a02cb65c63c712aa1
                                      • Instruction ID: 73896d8bfa52fab796b34b074add09a9b651552d1d5da47584ad614f3b164589
                                      • Opcode Fuzzy Hash: 24636a1f4d83fc9debfdeecd02c2b3d2cb8a245de9818b5a02cb65c63c712aa1
                                      • Instruction Fuzzy Hash: 2FE0EC3032C7488BE648E61CC491A2EB3F1FB85700F405528F14DD3291CE24FC408B82
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2531afe095bccf2417d04b11930a86f55b3d64e289e4ff09a34c37dceef054eb
                                      • Instruction ID: d21a9993893711eaf06e428a30990d359a102aa8179d98bd7ef267bd8fb97dad
                                      • Opcode Fuzzy Hash: 2531afe095bccf2417d04b11930a86f55b3d64e289e4ff09a34c37dceef054eb
                                      • Instruction Fuzzy Hash: 65E01270D1664A9FD749DB78D4516ACBBF1AF49300F5404FDE44EDB293DA386401C700
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c6913956ded1f7400fb5552b84c596c03b2629f81de4ba8227d98111957634d2
                                      • Instruction ID: 3fb4e819b404653e5cc622e9817166cc44c23e09d09d75f39ebc25bbc05f27d4
                                      • Opcode Fuzzy Hash: c6913956ded1f7400fb5552b84c596c03b2629f81de4ba8227d98111957634d2
                                      • Instruction Fuzzy Hash: 80E01234A49206DBFB01DB54C4846EDB7A1EB52326F10E275C009C7284DE38A6888BC0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b2b17d386d900fcaa126cbf47725cd102da3ea1ffad9ff8640d795046e6007b1
                                      • Instruction ID: 30d86b5087de111246f656542435b4813496ff995c2c94a1698f984b90a9d51c
                                      • Opcode Fuzzy Hash: b2b17d386d900fcaa126cbf47725cd102da3ea1ffad9ff8640d795046e6007b1
                                      • Instruction Fuzzy Hash: A1C012305118188F978CE725C848C7032E0EB14205B800095940AC61B1D919D998C791
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5a2dfa6e6d629786e0e59bef52f1e478f0e98eca8b4094ecfd6d97dc361ff21a
                                      • Instruction ID: 85e1a3a50ed849582c5c2b21049bbda50a31a891c402a723dff976be35980ed2
                                      • Opcode Fuzzy Hash: 5a2dfa6e6d629786e0e59bef52f1e478f0e98eca8b4094ecfd6d97dc361ff21a
                                      • Instruction Fuzzy Hash: 7DD09E3061854D8FDB48DB99C444A5DB7B1FB44700F504219D00A87245CA34E8818784
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 452e000cea6b90a2251f26819c42beb3e8bd5d3010471dd5cafcdc0b44d49bcd
                                      • Instruction ID: 31796143ffa70e40b98187033c5fe3b9c6840e9141f4c58c72721acf79bc7ec0
                                      • Opcode Fuzzy Hash: 452e000cea6b90a2251f26819c42beb3e8bd5d3010471dd5cafcdc0b44d49bcd
                                      • Instruction Fuzzy Hash: 12C08C3051180C8F8B4CEB28C898C70B3E0FB2A201BC100A9D00EC71B0EE5ADC88CBC1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 77691fcd2be677cd4fa0107d1fd6318d388e53be8a6744a955bd97adb7c83832
                                      • Instruction ID: 244d275f2831212791b7f81a12726ff320dd5d412ae1d1cbdc92ea18258ab9f2
                                      • Opcode Fuzzy Hash: 77691fcd2be677cd4fa0107d1fd6318d388e53be8a6744a955bd97adb7c83832
                                      • Instruction Fuzzy Hash: 4CC08C305128098FCB4CFB38C8A9C6073E0FB2A211BC500A8D00FC71B0EA5ADCC8CB81
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3165710129.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac610000_305iz8bs.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 577e59e2abaae1c5756901cf933eea9b6736fccf0a7c6a9666679c0b4e4c613c
                                      • Instruction ID: 8a450776a606f57179f2bd5a5f2ad1e01529c9388fcfae428fc445e77c67a828
                                      • Opcode Fuzzy Hash: 577e59e2abaae1c5756901cf933eea9b6736fccf0a7c6a9666679c0b4e4c613c
                                      • Instruction Fuzzy Hash: C8C08C34551808CFC908FB2CC88880833B0FB0B301BC260A0E00DCB179D219DCC6C781
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3166476773.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffaac790000_305iz8bs.jbxd