Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
IoIB9gQ6OQ.exe

Overview

General Information

Sample name:IoIB9gQ6OQ.exe
renamed because original name is a hash value
Original sample name:82bbc8ed33542833c4876bf83168aacc.exe
Analysis ID:1580439
MD5:82bbc8ed33542833c4876bf83168aacc
SHA1:5808179691279740b9eb8adb80c128d4eac63982
SHA256:6dd49051e89930b88df26f0114262a5c8daf4b6aea23dd4cb83ede30a96693bd
Tags:AsyncRATexeRATuser-abuse_ch
Infos:

Detection

AsyncRAT, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected AsyncRAT
Yara detected PureLog Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: AspNetCompiler Execution
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • IoIB9gQ6OQ.exe (PID: 6500 cmdline: "C:\Users\user\Desktop\IoIB9gQ6OQ.exe" MD5: 82BBC8ED33542833C4876BF83168AACC)
    • aspnet_compiler.exe (PID: 6504 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
  • wscript.exe (PID: 6780 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • ParamName.exe (PID: 6756 cmdline: "C:\Users\user\AppData\Roaming\ParamName.exe" MD5: 82BBC8ED33542833C4876BF83168AACC)
      • aspnet_compiler.exe (PID: 1888 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AsyncRATAsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2133928402.0000000004E40000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000002.00000002.3262894666.00000000026A1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
      00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
        00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            Click to see the 17 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.IoIB9gQ6OQ.exe.26b86d8.0.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
              0.2.IoIB9gQ6OQ.exe.26b86d8.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                6.2.aspnet_compiler.exe.406d60.0.raw.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                  6.2.aspnet_compiler.exe.406d60.0.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                    0.2.IoIB9gQ6OQ.exe.4e40000.11.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                      Click to see the 16 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: WScript or CScript Dropper
                      Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs" , ProcessId: 6780, ProcessName: wscript.exe
                      Sigma detected: AspNetCompiler Execution
                      Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\Desktop\IoIB9gQ6OQ.exe", ParentImage: C:\Users\user\Desktop\IoIB9gQ6OQ.exe, ParentProcessId: 6500, ParentProcessName: IoIB9gQ6OQ.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 6504, ProcessName: aspnet_compiler.exe
                      Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                      Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs" , ProcessId: 6780, ProcessName: wscript.exe

                      Data Obfuscation

                      barindex
                      Sigma detected: Drops script at startup location
                      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\IoIB9gQ6OQ.exe, ProcessId: 6500, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-24T15:12:14.899190+010020355951Domain Observed Used for C2 Detected176.126.114.681025192.168.2.549704TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-24T15:12:14.899190+010020356071Domain Observed Used for C2 Detected176.126.114.681025192.168.2.549704TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-24T15:12:14.899190+010028424781Malware Command and Control Activity Detected176.126.114.681025192.168.2.549704TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus / Scanner detection for submitted sample
                      Source: IoIB9gQ6OQ.exeAvira: detected
                      Antivirus detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeAvira: detection malicious, Label: TR/Dropper.Gen
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeReversingLabs: Detection: 73%
                      Multi AV Scanner detection for submitted file
                      Source: IoIB9gQ6OQ.exeReversingLabs: Detection: 73%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Machine Learning detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeJoe Sandbox ML: detected
                      Machine Learning detection for sample
                      Source: IoIB9gQ6OQ.exeJoe Sandbox ML: detected
                      Source: IoIB9gQ6OQ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: IoIB9gQ6OQ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.0000000003677000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000036EF000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: IoIB9gQ6OQ.exe, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.0000000003677000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000036EF000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_023A10B5
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_023A10C0
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then mov eax, dword ptr [ebp-28h]0_2_04B90829
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F67049h0_2_04F66C78
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F67049h0_2_04F66C69
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F6744Eh0_2_04F675C8
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F6DCC2h0_2_04F6DE30
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F6DCC2h0_2_04F6DAA0
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F6DCC2h0_2_04F6DA90
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F6744Eh0_2_04F673E8
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F6744Eh0_2_04F673D8
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F8FA08h0_2_04F8F950
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 4x nop then jmp 04F8FA08h0_2_04F8F948
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h5_2_015C10C0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 0594744Eh5_2_059475C8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 05947049h5_2_05946C78
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 05947049h5_2_05946C69
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 0594DCC2h5_2_0594DE30
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 0594744Eh5_2_059473D8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 0594744Eh5_2_059473E8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 0594DCC2h5_2_0594DA90
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 0594DCC2h5_2_0594DAA0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 0596E0B0h5_2_0596DFF0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 4x nop then jmp 0596E0B0h5_2_0596DFF8

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 176.126.114.68:1025 -> 192.168.2.5:49704
                      Source: Network trafficSuricata IDS: 2030673 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 176.126.114.68:1025 -> 192.168.2.5:49704
                      Source: Network trafficSuricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 176.126.114.68:1025 -> 192.168.2.5:49704
                      Source: Network trafficSuricata IDS: 2035607 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 176.126.114.68:1025 -> 192.168.2.5:49704
                      Source: global trafficTCP traffic: 192.168.2.5:49704 -> 176.126.114.68:1025
                      Source: Joe Sandbox ViewASN Name: SAARGATE-ASVSENETGmbHDE SAARGATE-ASVSENETGmbHDE
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficDNS traffic detected: DNS query: canalinopedro.gotdns.ch
                      Source: aspnet_compiler.exe, 00000002.00000002.3268239980.0000000004E20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: aspnet_compiler.exe, 00000002.00000002.3268239980.0000000004E20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab-
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, ParamName.exe, 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, ParamName.exe, 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Yara detected AsyncRAT
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.406d60.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.344e4c0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.29fe71c.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b8280.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26bd638.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.3262894666.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: IoIB9gQ6OQ.exe PID: 6500, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6504, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ParamName.exe PID: 6756, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 1888, type: MEMORYSTR

                      System Summary

                      barindex
                      Windows Scripting host queries suspicious COM object (likely to drop second stage)
                      Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_05033AB8 NtResumeThread,0_2_05033AB8
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_050315D0 NtProtectVirtualMemory,0_2_050315D0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0596F938 NtProtectVirtualMemory,5_2_0596F938
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0596F930 NtProtectVirtualMemory,5_2_0596F930
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05A12148 NtResumeThread,5_2_05A12148
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05A12143 NtResumeThread,5_2_05A12143
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_050313480_2_05031348
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04FE6E5B0_2_04FE6E5B
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_023A0D200_2_023A0D20
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_023A16BF0_2_023A16BF
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_023A8F6C0_2_023A8F6C
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_023A0D100_2_023A0D10
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B966EF0_2_04B966EF
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B9807B0_2_04B9807B
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B941780_2_04B94178
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B9EBE00_2_04B9EBE0
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B9C5200_2_04B9C520
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B9C5050_2_04B9C505
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B908680_2_04B90868
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B908580_2_04B90858
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04B941690_2_04B94169
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04ED77B00_2_04ED77B0
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04ED74E10_2_04ED74E1
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04ED64A80_2_04ED64A8
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04ED64B80_2_04ED64B8
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04ED7C420_2_04ED7C42
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04ED77A00_2_04ED77A0
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04ED00400_2_04ED0040
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04ED001F0_2_04ED001F
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F334710_2_04F33471
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F36E080_2_04F36E08
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F337A70_2_04F337A7
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F3003F0_2_04F3003F
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F34A880_2_04F34A88
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F6C0A80_2_04F6C0A8
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F633780_2_04F63378
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F6C0980_2_04F6C098
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F6DAA00_2_04F6DAA0
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F6DA900_2_04F6DA90
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F6B34F0_2_04F6B34F
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F8DD900_2_04F8DD90
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F858000_2_04F85800
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F88AE00_2_04F88AE0
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F857F00_2_04F857F0
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F827280_2_04F82728
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F88C2E0_2_04F88C2E
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F8DD700_2_04F8DD70
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F88AD10_2_04F88AD1
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_051D00060_2_051D0006
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_051D00400_2_051D0040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D876C82_2_00D876C8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D86DF82_2_00D86DF8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D834482_2_00D83448
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D834382_2_00D83438
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D86AB02_2_00D86AB0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D8BCAB2_2_00D8BCAB
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_015C0D205_2_015C0D20
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_015C0D105_2_015C0D10
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_015C8F6C5_2_015C8F6C
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_015C16B05_2_015C16B0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_056C66EF5_2_056C66EF
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_056C41785_2_056C4178
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_056C807B5_2_056C807B
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_056CEBE05_2_056CEBE0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_056CC5205_2_056CC520
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_056CC4EF5_2_056CC4EF
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_056C08685_2_056C0868
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_056C08585_2_056C0858
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B77B05_2_058B77B0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B64A85_2_058B64A8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B64B85_2_058B64B8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B00135_2_058B0013
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B64275_2_058B6427
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B7C435_2_058B7C43
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B00405_2_058B0040
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B64705_2_058B6470
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_058B77A05_2_058B77A0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_059134735_2_05913473
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_059137A75_2_059137A7
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_059100065_2_05910006
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05914A885_2_05914A88
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0594C0A85_2_0594C0A8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_059435B85_2_059435B8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0594C0985_2_0594C098
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0594B34F5_2_0594B34F
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0594DA905_2_0594DA90
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0594DAA05_2_0594DAA0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0596F6B05_2_0596F6B0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0596C0305_2_0596C030
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05966CB85_2_05966CB8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_059627285_2_05962728
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0596F6A05_2_0596F6A0
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0596C0235_2_0596C023
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05966CA85_2_05966CA8
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05966E065_2_05966E06
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05A12CFD5_2_05A12CFD
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05CB00405_2_05CB0040
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05CB00235_2_05CB0023
                      Source: IoIB9gQ6OQ.exeBinary or memory string: OriginalFilename vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClient.exe. vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.0000000003677000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000000.2013363201.000000000024C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFlghsxrxd.exe^ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2126188493.0000000002A7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClient.exe. vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2132779091.0000000004A60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLqigd.dll" vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000036EF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000036EF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFlghsxrxd.exe^ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2125797373.000000000084E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exeBinary or memory string: OriginalFilenameFlghsxrxd.exe^ vs IoIB9gQ6OQ.exe
                      Source: IoIB9gQ6OQ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: IoIB9gQ6OQ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: ParamName.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: IoIB9gQ6OQ.exe, Ghjtwqbcjcy.csCryptographic APIs: 'TransformFinalBlock'
                      Source: ParamName.exe.0.dr, Ghjtwqbcjcy.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@8/6@1/1
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMutant created: NULL
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMutant created: \Sessions\1\BaseNamedObjects\Mutextempo
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs"
                      Source: IoIB9gQ6OQ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: IoIB9gQ6OQ.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: IoIB9gQ6OQ.exeReversingLabs: Detection: 73%
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeFile read: C:\Users\user\Desktop\IoIB9gQ6OQ.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\IoIB9gQ6OQ.exe "C:\Users\user\Desktop\IoIB9gQ6OQ.exe"
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs"
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\ParamName.exe "C:\Users\user\AppData\Roaming\ParamName.exe"
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\ParamName.exe "C:\Users\user\AppData\Roaming\ParamName.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptnet.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: IoIB9gQ6OQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: IoIB9gQ6OQ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.0000000003677000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000036EF000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: IoIB9gQ6OQ.exe, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.0000000003677000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000036EF000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      barindex
                      .NET source code contains potential unpacker
                      Source: IoIB9gQ6OQ.exe, Vdscrwfv.cs.Net Code: Rsmcnwb System.AppDomain.Load(byte[])
                      Source: ParamName.exe.0.dr, Vdscrwfv.cs.Net Code: Rsmcnwb System.AppDomain.Load(byte[])
                      Source: 0.2.IoIB9gQ6OQ.exe.35dd590.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.IoIB9gQ6OQ.exe.35dd590.3.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.IoIB9gQ6OQ.exe.35dd590.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.IoIB9gQ6OQ.exe.35dd590.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.IoIB9gQ6OQ.exe.35dd590.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.IoIB9gQ6OQ.exe.4fe0000.13.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.IoIB9gQ6OQ.exe.36ef810.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Yara detected Costura Assembly Loader
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.4e40000.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2133928402.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: IoIB9gQ6OQ.exe PID: 6500, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ParamName.exe PID: 6756, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_023A553D push cs; ret 0_2_023A5540
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F3A221 pushfd ; iretd 0_2_04F3A231
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F8C720 push ebp; ret 0_2_04F8C72D
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_04F8EE13 push esi; retf 0_2_04F8EE14
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeCode function: 0_2_051D68F8 pushad ; retf 0_2_051D68FD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D804CF push ecx; retn 0000h2_2_00D804E2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D81A59 push esi; retn 0000h2_2_00D81A5A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D81A62 push esi; retn 0000h2_2_00D81A6A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 2_2_00D89D87 push esp; retn 5500h2_2_00D89D96
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_015C553D push cs; ret 5_2_015C5540
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0591A160 pushad ; iretd 5_2_0591A1F9
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0591A210 pushad ; iretd 5_2_0591A1F9
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0591A230 pushfd ; iretd 5_2_0591A231
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_0596D4BB push esi; retf 5_2_0596D4BC
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05968088 pushad ; retf 5_2_05968089
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05CB50FB push ecx; retf 5_2_05CB510E
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeCode function: 5_2_05CB68F8 pushad ; retf 5_2_05CB68FD
                      Source: IoIB9gQ6OQ.exeStatic PE information: section name: .text entropy: 7.999387408566976
                      Source: ParamName.exe.0.drStatic PE information: section name: .text entropy: 7.999387408566976
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeFile created: C:\Users\user\AppData\Roaming\ParamName.exeJump to dropped file

                      Boot Survival

                      barindex
                      Yara detected AsyncRAT
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.406d60.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.344e4c0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.29fe71c.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b8280.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26bd638.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.3262894666.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: IoIB9gQ6OQ.exe PID: 6500, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6504, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ParamName.exe PID: 6756, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 1888, type: MEMORYSTR
                      Drops VBS files to the startup folder
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbsJump to dropped file
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbsJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbsJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: IoIB9gQ6OQ.exe PID: 6500, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ParamName.exe PID: 6756, type: MEMORYSTR
                      Yara detected AsyncRAT
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.406d60.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.344e4c0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.29fe71c.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b8280.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26bd638.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.3262894666.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: IoIB9gQ6OQ.exe PID: 6500, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6504, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ParamName.exe PID: 6756, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 1888, type: MEMORYSTR
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: IoIB9gQ6OQ.exe, 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, ParamName.exe, 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, ParamName.exe, 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory allocated: 2360000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory allocated: 25B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory allocated: 23F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: D80000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 26A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 46A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory allocated: 1380000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory allocated: 30B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory allocated: 50B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 3100000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 31A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 51A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 648Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 9195Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 1576Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6444Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6512Thread sleep count: 648 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6512Thread sleep count: 9195 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6508Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: aspnet_compiler.exe, 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                      Source: ParamName.exe, 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: aspnet_compiler.exe, 00000002.00000002.3261508282.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3260803687.0000000000A0B000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3261439202.0000000000A64000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: ParamName.exe, 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 416000Jump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 418000Jump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 727008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 416000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 418000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: F28008Jump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\ParamName.exe "C:\Users\user\AppData\Roaming\ParamName.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002704000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTesqtOp
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002727000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002704000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3268239980.0000000004E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002727000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTesqh
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002727000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002704000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.000000000270B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTesq
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002727000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002704000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.000000000270B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\sq
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.00000000026F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTesqxMo
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.00000000026F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTesqXOo
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002727000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.0000000002704000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.000000000270B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\sq%
                      Source: aspnet_compiler.exe, 00000002.00000002.3262894666.000000000270B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTesqx
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeQueries volume information: C:\Users\user\Desktop\IoIB9gQ6OQ.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeQueries volume information: C:\Users\user\AppData\Roaming\ParamName.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ParamName.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IoIB9gQ6OQ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Lowering of HIPS / PFW / Operating System Security Settings

                      barindex
                      Yara detected AsyncRAT
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.406d60.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.344e4c0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.29fe71c.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b8280.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26bd638.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.3262894666.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: IoIB9gQ6OQ.exe PID: 6500, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6504, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ParamName.exe PID: 6756, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 1888, type: MEMORYSTR
                      Source: aspnet_compiler.exe, 00000002.00000002.3267589500.0000000004D96000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3268239980.0000000004E76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.406d60.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.344e4c0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.29fe71c.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b8280.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26bd638.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.406d60.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b3320.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.344e4c0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.29fe71c.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ParamName.exe.31b8280.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26b86d8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.IoIB9gQ6OQ.exe.26bd638.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity Information111
                      Scripting                      		Valid Accounts1
                      Windows Management Instrumentation                      		111
                      Scripting                      		212
                      Process Injection                      		1
                      Masquerading                      		OS Credential Dumping221
                      Security Software Discovery                      		Remote Services11
                      Archive Collected Data                      		1
                      Encrypted Channel                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts11
                      Scheduled Task/Job                      		11
                      Scheduled Task/Job                      		11
                      Scheduled Task/Job                      		1
                      Disable or Modify Tools                      		LSASS Memory2
                      Process Discovery                      		Remote Desktop ProtocolData from Removable Media1
                      Non-Standard Port                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAt2
                      Registry Run Keys / Startup Folder                      		2
                      Registry Run Keys / Startup Folder                      		31
                      Virtualization/Sandbox Evasion                      		Security Account Manager31
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin SharesData from Network Shared Drive1
                      Non-Application Layer Protocol                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCron1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		212
                      Process Injection                      		NTDS1
                      Application Window Discovery                      		Distributed Component Object ModelInput Capture1
                      Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information                      		LSA Secrets1
                      File and Directory Discovery                      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts13
                      Obfuscated Files or Information                      		Cached Domain Credentials13
                      System Information Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
                      Software Packing                      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      DLL Side-Loading                      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1580439 Sample: IoIB9gQ6OQ.exe Startdate: 24/12/2024 Architecture: WINDOWS Score: 100 28 canalinopedro.gotdns.ch 2->28 30 bg.microsoft.map.fastly.net 2->30 42 Suricata IDS alerts for network traffic 2->42 44 Antivirus / Scanner detection for submitted sample 2->44 46 Multi AV Scanner detection for submitted file 2->46 48 9 other signatures 2->48 8 IoIB9gQ6OQ.exe 5 2->8         started        12 wscript.exe 1 2->12         started        signatures3 process4 file5 22 C:\Users\user\AppData\Roaming\ParamName.exe, PE32 8->22 dropped 24 C:\Users\...\ParamName.exe:Zone.Identifier, ASCII 8->24 dropped 26 C:\Users\user\AppData\...\ParamName.vbs, ASCII 8->26 dropped 50 Drops VBS files to the startup folder 8->50 52 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->52 54 Writes to foreign memory regions 8->54 56 Injects a PE file into a foreign processes 8->56 14 aspnet_compiler.exe 2 8->14         started        58 Windows Scripting host queries suspicious COM object (likely to drop second stage) 12->58 17 ParamName.exe 2 12->17         started        signatures6 process7 dnsIp8 32 canalinopedro.gotdns.ch 176.126.114.68, 1025, 49704 SAARGATE-ASVSENETGmbHDE Ukraine 14->32 34 Antivirus detection for dropped file 17->34 36 Multi AV Scanner detection for dropped file 17->36 38 Machine Learning detection for dropped file 17->38 40 2 other signatures 17->40 20 aspnet_compiler.exe 3 17->20         started        signatures9 process10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      IoIB9gQ6OQ.exe74%ReversingLabsByteCode-MSIL.Spyware.AsyncRAT
                      IoIB9gQ6OQ.exe100%AviraTR/Dropper.Gen
                      IoIB9gQ6OQ.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\ParamName.exe100%AviraTR/Dropper.Gen
                      C:\Users\user\AppData\Roaming\ParamName.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\ParamName.exe74%ReversingLabsWin32.Ransomware.Generic

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      No Antivirus matches

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      canalinopedro.gotdns.ch
                      		176.126.114.68
                      		truetrue
                        		unknown
                        bg.microsoft.map.fastly.net
                        		199.232.210.172
                        		truefalse
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://github.com/mgravell/protobuf-netIoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://github.com/mgravell/protobuf-netiIoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://stackoverflow.com/q/14436606/23354IoIB9gQ6OQ.exe, 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, ParamName.exe, 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://github.com/mgravell/protobuf-netJIoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameIoIB9gQ6OQ.exe, 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3262894666.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, ParamName.exe, 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://stackoverflow.com/q/11564914/23354;IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://stackoverflow.com/q/2152978/23354IoIB9gQ6OQ.exe, 00000000.00000002.2134311438.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.000000000362D000.00000004.00000800.00020000.00000000.sdmp, IoIB9gQ6OQ.exe, 00000000.00000002.2131963617.00000000035B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        176.126.114.68
                                        		canalinopedro.gotdns.chUkraine
                                        		9063SAARGATE-ASVSENETGmbHDEtrue

                                        General Information

                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1580439
                                        Start date and time:2024-12-24 15:11:09 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 7m 3s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:8
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:IoIB9gQ6OQ.exe
                                        renamed because original name is a hash value
                                        Original Sample Name:82bbc8ed33542833c4876bf83168aacc.exe
                                        Detection:MAL
                                        Classification:mal100.troj.expl.evad.winEXE@8/6@1/1
                                        EGA Information:
                                        • Successful, ratio: 50%
                                        HCA Information:
                                        • Successful, ratio: 89%
                                        • Number of executed functions: 408
                                        • Number of non-executed functions: 33
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe

                                        Warnings

                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                        • Excluded IPs from analysis (whitelisted): 199.232.210.172, 4.175.87.197, 13.107.246.63
                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                        • Execution Graph export aborted for target aspnet_compiler.exe, PID 1888 because it is empty
                                        • Execution Graph export aborted for target aspnet_compiler.exe, PID 6504 because it is empty
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • VT rate limit hit for: IoIB9gQ6OQ.exe

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        09:12:16API Interceptor1x Sleep call for process: aspnet_compiler.exe modified
                                        15:12:11AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs

                                        Joe Sandbox View / Context

                                        IPs

                                        No context

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        bg.microsoft.map.fastly.neteCompleted_419z.pdfGet hashmaliciousHTMLPhisherBrowse
                                        • 199.232.214.172
                                        3FG4bsfkEwmxFYY.exeGet hashmaliciousFormBookBrowse
                                        • 199.232.214.172
                                        #U5b89#U88c5#U52a9#U624b1.0.3.exeGet hashmaliciousUnknownBrowse
                                        • 199.232.214.172
                                        eCompleted_419z.pdfGet hashmaliciousUnknownBrowse
                                        • 199.232.210.172
                                        Onboard Training Checklist v1.1 - Wyatt Young (1).xlsxGet hashmaliciousUnknownBrowse
                                        • 199.232.214.172
                                        94e.exeGet hashmaliciousRemcosBrowse
                                        • 199.232.214.172
                                        https://liladelman.com/rental/1218-west-side-road-block-island/Get hashmaliciousUnknownBrowse
                                        • 199.232.210.172
                                        7q551ugrWe.exeGet hashmaliciousUltraVNCBrowse
                                        • 199.232.210.172
                                        T8xrZb7nBL.exeGet hashmaliciousUltraVNCBrowse
                                        • 199.232.210.172
                                        Olz7TmvkEW.exeGet hashmaliciousUltraVNCBrowse
                                        • 199.232.214.172

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        SAARGATE-ASVSENETGmbHDEnshmpsl.elfGet hashmaliciousMiraiBrowse
                                        • 213.185.75.253
                                        la.bot.arm6.elfGet hashmaliciousMiraiBrowse
                                        • 37.230.14.226
                                        main_mips.elfGet hashmaliciousMiraiBrowse
                                        • 213.185.75.214
                                        la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                        • 176.126.79.142
                                        Pyyidau.vbsGet hashmaliciousNetSupport RATBrowse
                                        • 176.126.113.166
                                        Pyyidau.vbsGet hashmaliciousNetSupport RATBrowse
                                        • 176.126.113.166
                                        sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                        • 195.66.5.164
                                        arm6.elfGet hashmaliciousUnknownBrowse
                                        • 185.168.9.126
                                        8LNER6Tma8.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                        • 176.126.114.74
                                        81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                        • 176.126.113.11

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                        Download File
                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                        Category:dropped
                                        Size (bytes):71954
                                        Entropy (8bit):7.996617769952133
                                        Encrypted:true
                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                        Download File
                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):328
                                        Entropy (8bit):3.2539954282295116
                                        Encrypted:false
                                        SSDEEP:6:kKnklL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:lDImsLNkPlE99SNxAhUe/3
                                        MD5:105B969F1F8A121EE4E956D1FEBA4662
                                        SHA1:6DF2E0577A00B2B4B0D79EEADDAA48DB399FCC57
                                        SHA-256:4F90EC1A4149FAA7D1C86413C4E054F62740F87570940F82082C24F78AC11D0E
                                        SHA-512:8A3F342843A80C403301442A28D1AE58185D0D513FD3B8397E878C50215ED0425AA8B435AD3290A0640F09EC6B0FB4BA4BEAB4BD72A35FD72BCEE780B62EFCF6
                                        Malicious:false
                                        Reputation:low
                                        Preview:p...... .........[...V..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aspnet_compiler.exe.log

                                        Download File
                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                        File Type:CSV text
                                        Category:dropped
                                        Size (bytes):425
                                        Entropy (8bit):5.353683843266035
                                        Encrypted:false
                                        SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
                                        MD5:859802284B12C59DDBB85B0AC64C08F0
                                        SHA1:4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
                                        SHA-256:FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
                                        SHA-512:8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs

                                        Download File
                                        Process:C:\Users\user\Desktop\IoIB9gQ6OQ.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):85
                                        Entropy (8bit):4.7606972245210235
                                        Encrypted:false
                                        SSDEEP:3:FER/n0eFHHoUkh4EaKC54EWBdiHHn:FER/lFHI9aZ549rin
                                        MD5:6F58C3BF2AAB0F333727FBACDF176FBD
                                        SHA1:B31CD2D17E26C46DC2C3E187249349DE9B2F62B4
                                        SHA-256:7D84B553D0376FA1FEA96DA5CE4887647A5ED206A3077071294B153D0DA9F1EB
                                        SHA-512:A1BB8DF2420AB94F69CE69C40A41B278A325EE18A229A24891D8DDA0115210234536CC45C9543B0C12BDBEBE194A6D9F68A3BB6C858AB9AC3D43DD00E831B512
                                        Malicious:true
                                        Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\ParamName.exe"""

                                        C:\Users\user\AppData\Roaming\ParamName.exe

                                        Download File
                                        Process:C:\Users\user\Desktop\IoIB9gQ6OQ.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):956928
                                        Entropy (8bit):7.997932045417076
                                        Encrypted:true
                                        SSDEEP:24576:JCTlk6vdiGrxBoXD4aM3fmM4sVK/hgyxGA:kedmBoXD4NPlVVK/uyxv
                                        MD5:82BBC8ED33542833C4876BF83168AACC
                                        SHA1:5808179691279740B9EB8ADB80C128D4EAC63982
                                        SHA-256:6DD49051E89930B88DF26F0114262A5C8DAF4B6AEA23DD4CB83EDE30A96693BD
                                        SHA-512:DE12C6AA77DA491447C4C0BDDB5A003B9EABD981272B8771B3EA2727BA748446F18C3F0D4E9FA8EF51466E790470B37ED386A826EDD76D9F25419597850A4D66
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 74%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....pdg................................. ........@.. ....................................`....................................O.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......p...\............!...|...........................................(....*..(....*.~....:....r...p.....(....o....s.........~....*.~....*.......*j(....r;..p~....o....t....*V.rQ..p .......o....&*j(....(....re..po....(....*2(.....o....*...0..g.........8.....(..........&......,.s......r...p(....o.....r...p(....o.....o .......io!..........9.....o".....*...................".6X.......|.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, Pu

                                        C:\Users\user\AppData\Roaming\ParamName.exe:Zone.Identifier

                                        Download File
                                        Process:C:\Users\user\Desktop\IoIB9gQ6OQ.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Preview:[ZoneTransfer]....ZoneId=0

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.997932045417076
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:IoIB9gQ6OQ.exe
                                        File size:956'928 bytes
                                        MD5:82bbc8ed33542833c4876bf83168aacc
                                        SHA1:5808179691279740b9eb8adb80c128d4eac63982
                                        SHA256:6dd49051e89930b88df26f0114262a5c8daf4b6aea23dd4cb83ede30a96693bd
                                        SHA512:de12c6aa77da491447c4c0bddb5a003b9eabd981272b8771b3ea2727ba748446f18c3f0d4e9fa8ef51466e790470b37ed386a826edd76d9f25419597850a4d66
                                        SSDEEP:24576:JCTlk6vdiGrxBoXD4aM3fmM4sVK/hgyxGA:kedmBoXD4NPlVVK/uyxv
                                        TLSH:C6153356FBB1E528F9364DBA039111054BEC5BF4E528DA9D1A88BC295DC30FC3B2C987
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....pdg................................. ........@.. ....................................`................................

                                        File Icon

                                        Icon Hash:00928e8e8686b000

                                        Static PE Info

                                        General

                                        Entrypoint:0x4eac1e
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x67647014 [Thu Dec 19 19:12:20 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xeabcc0x4f.text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xec0000x692.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0xe9a000x0.text
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xee0000xc.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x20000xe8c240xe8e00db144f89ea8ed23ec8662aaf709a5cbdFalse0.9984410644793345data7.999387408566976IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc0xec0000x6920x8005f52eb49245e1221b8bf39fcc9128b36False0.33837890625data3.6464128649347938IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0xee0000xc0x20057e6a21beec3817279ef8112b48c93daFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                        RT_VERSION0xec0a00x406data0.3737864077669903
                                        RT_MANIFEST0xec4a80x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                        Imports

                                        DLLImport
                                        mscoree.dll_CorExeMain

                                        Network Behavior

                                        Suricata IDS Alerts

                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                        2024-12-24T15:12:14.899190+01002842478ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)1176.126.114.681025192.168.2.549704TCP
                                        2024-12-24T15:12:14.899190+01002030673ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)1176.126.114.681025192.168.2.549704TCP
                                        2024-12-24T15:12:14.899190+01002035595ET MALWARE Generic AsyncRAT Style SSL Cert1176.126.114.681025192.168.2.549704TCP
                                        2024-12-24T15:12:14.899190+01002035607ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)1176.126.114.681025192.168.2.549704TCP

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Dec 24, 2024 15:12:13.228244066 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:13.347733974 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:13.347829103 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:13.373442888 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:13.493005037 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:14.773936987 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:14.773983002 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:14.774034023 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:14.779459953 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:14.899189949 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:15.253257990 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:15.297918081 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:17.791582108 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:17.911175013 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:17.911235094 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:18.030817032 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:32.400274038 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:32.519830942 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:32.519897938 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:32.639468908 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:33.084182978 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:33.133572102 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:33.296036005 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:33.302097082 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:33.421576023 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:33.421631098 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:33.542237997 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:39.882457018 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:39.930478096 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:40.097496986 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:40.149224043 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:47.009658098 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:47.129172087 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:47.129224062 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:47.248820066 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:47.692214012 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:47.742980003 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:47.909516096 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:47.911150932 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:48.030719995 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:12:48.030849934 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:12:48.150579929 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:01.648822069 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:01.768415928 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:01.768497944 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:01.888160944 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:02.332501888 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:02.375515938 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:02.530625105 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:02.533607960 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:02.653285980 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:02.653362036 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:02.772934914 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:09.881548882 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:09.930522919 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:10.096936941 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:10.149276018 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:16.243653059 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:16.364247084 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:16.364433050 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:16.484755993 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:16.930919886 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:16.977605104 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:17.154978037 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:17.156770945 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:17.279198885 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:17.279278994 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:17.398910046 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:30.852929115 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:30.972425938 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:30.972503901 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:31.092046022 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:31.534240961 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:31.586826086 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:31.734092951 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:31.735536098 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:31.855180025 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:31.855247021 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:31.975002050 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:39.880162001 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:39.930565119 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:40.078218937 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:40.133686066 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:45.503756046 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:45.623296976 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:45.623353004 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:45.744218111 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:46.177814960 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:46.227552891 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:46.375097990 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:46.376657009 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:46.496207952 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:13:46.496289968 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:13:46.615808010 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:00.104336023 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:14:00.224189043 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:00.224378109 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:14:00.343961000 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:00.784213066 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:00.836848021 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:14:00.985404015 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:00.987185001 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:14:01.106817007 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:01.106914043 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:14:01.231369972 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:03.071607113 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:14:03.191430092 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:03.192008018 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:14:03.311649084 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:03.754281044 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:03.805592060 CET497041025192.168.2.5176.126.114.68
                                        Dec 24, 2024 15:14:03.953731060 CET102549704176.126.114.68192.168.2.5
                                        Dec 24, 2024 15:14:04.008719921 CET497041025192.168.2.5176.126.114.68

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Dec 24, 2024 15:12:12.890636921 CET4960553192.168.2.51.1.1.1
                                        Dec 24, 2024 15:12:13.225164890 CET53496051.1.1.1192.168.2.5

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        Dec 24, 2024 15:12:12.890636921 CET192.168.2.51.1.1.10x9857Standard query (0)canalinopedro.gotdns.chA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        Dec 24, 2024 15:12:13.225164890 CET1.1.1.1192.168.2.50x9857No error (0)canalinopedro.gotdns.ch176.126.114.68A (IP address)IN (0x0001)false
                                        Dec 24, 2024 15:12:14.903158903 CET1.1.1.1192.168.2.50xbaa2No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                        Dec 24, 2024 15:12:14.903158903 CET1.1.1.1192.168.2.50xbaa2No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:09:11:56
                                        Start date:24/12/2024
                                        Path:C:\Users\user\Desktop\IoIB9gQ6OQ.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\IoIB9gQ6OQ.exe"
                                        Imagebase:0x160000
                                        File size:956'928 bytes
                                        MD5 hash:82BBC8ED33542833C4876BF83168AACC
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2133928402.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2126188493.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2126188493.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:2
                                        Start time:09:12:07
                                        Start date:24/12/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                                        Imagebase:0x440000
                                        File size:56'368 bytes
                                        MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000002.00000002.3262894666.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:false

                                        General

                                        Target ID:4
                                        Start time:09:12:19
                                        Start date:24/12/2024
                                        Path:C:\Windows\System32\wscript.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ParamName.vbs"
                                        Imagebase:0x7ff7f3c10000
                                        File size:170'496 bytes
                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        General

                                        Target ID:5
                                        Start time:09:12:20
                                        Start date:24/12/2024
                                        Path:C:\Users\user\AppData\Roaming\ParamName.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\ParamName.exe"
                                        Imagebase:0xc40000
                                        File size:956'928 bytes
                                        MD5 hash:82BBC8ED33542833C4876BF83168AACC
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000002.2365988878.0000000003433000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000002.2365988878.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 100%, Avira
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 74%, ReversingLabs
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:6
                                        Start time:09:12:31
                                        Start date:24/12/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                                        Imagebase:0xd80000
                                        File size:56'368 bytes
                                        MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.2406374929.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:true

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:9.3%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:8%
                                          Total number of Nodes:199
                                          Total number of Limit Nodes:9
                                          execution_graph 56355 4f87c58 56356 4f87c6d 56355->56356 56357 4f87c83 56356->56357 56359 4f87d0b 56356->56359 56360 4f87d15 56359->56360 56364 4f89610 56360->56364 56368 4f89600 56360->56368 56361 4f87cf5 56365 4f89625 56364->56365 56372 4f89934 56365->56372 56369 4f89611 56368->56369 56371 4f89934 5 API calls 56369->56371 56370 4f89647 56370->56361 56371->56370 56373 4f8994c 56372->56373 56377 4f89ee8 56373->56377 56391 4f89ed8 56373->56391 56374 4f89647 56374->56361 56378 4f89efd 56377->56378 56405 4f8b53b 56378->56405 56409 4f8b36a 56378->56409 56413 4f8adea 56378->56413 56418 4f8a7a9 56378->56418 56422 4f8b438 56378->56422 56427 4f8b225 56378->56427 56431 4f8ae9f 56378->56431 56435 4f8ab9d 56378->56435 56439 4f8aa7d 56378->56439 56443 4f8acac 56378->56443 56447 4f8ab2b 56378->56447 56379 4f89f1f 56379->56374 56392 4f89efd 56391->56392 56394 4f8b438 CreateProcessA 56392->56394 56395 4f8a7a9 NtResumeThread 56392->56395 56396 4f8adea NtResumeThread 56392->56396 56397 4f8b36a WriteProcessMemory 56392->56397 56398 4f8b53b WriteProcessMemory 56392->56398 56399 4f8ab2b Wow64SetThreadContext 56392->56399 56400 4f8acac Wow64SetThreadContext 56392->56400 56401 4f8aa7d VirtualAllocEx 56392->56401 56402 4f8ab9d WriteProcessMemory 56392->56402 56403 4f8ae9f VirtualAllocEx 56392->56403 56404 4f8b225 VirtualAllocEx 56392->56404 56393 4f89f1f 56393->56374 56394->56393 56395->56393 56396->56393 56397->56393 56398->56393 56399->56393 56400->56393 56401->56393 56402->56393 56403->56393 56404->56393 56406 4f8b54a 56405->56406 56451 50333d0 56406->56451 56410 4f8b379 56409->56410 56412 50333d0 WriteProcessMemory 56410->56412 56411 4f8a45f 56412->56411 56415 4f8a45f 56413->56415 56416 4f8a7a9 56413->56416 56414 4f8ae6d 56416->56414 56455 5033ab8 56416->56455 56419 4f8a7b3 56418->56419 56421 5033ab8 NtResumeThread 56419->56421 56420 4f8a45f 56421->56420 56423 4f8b450 56422->56423 56459 4f8bbb8 56423->56459 56465 4f8bba8 56423->56465 56424 4f8a45f 56428 4f8a45f 56427->56428 56429 4f8ae9f 56427->56429 56487 50330d0 56429->56487 56432 4f8aea9 56431->56432 56434 50330d0 VirtualAllocEx 56432->56434 56433 4f8a45f 56434->56433 56436 4f8ab9f 56435->56436 56438 50333d0 WriteProcessMemory 56436->56438 56437 4f8a45f 56437->56379 56438->56437 56440 4f8aa99 56439->56440 56441 4f8a45f 56440->56441 56442 50330d0 VirtualAllocEx 56440->56442 56442->56441 56444 4f8acb4 56443->56444 56491 5032a30 56444->56491 56448 4f8ab3a 56447->56448 56450 5032a30 Wow64SetThreadContext 56448->56450 56449 4f8ab66 56450->56449 56452 503341c WriteProcessMemory 56451->56452 56454 4f8aa64 56452->56454 56454->56379 56456 5033b01 NtResumeThread 56455->56456 56458 5033b58 56456->56458 56458->56415 56460 4f8bbcf 56459->56460 56461 4f8bbf1 56460->56461 56471 4f8bd2e 56460->56471 56475 4f8be5c 56460->56475 56479 4f8bdaa 56460->56479 56461->56424 56466 4f8bbcf 56465->56466 56467 4f8bdaa CreateProcessA 56466->56467 56468 4f8be5c CreateProcessA 56466->56468 56469 4f8bd2e CreateProcessA 56466->56469 56470 4f8bbf1 56466->56470 56467->56470 56468->56470 56469->56470 56470->56424 56472 4f8bd3d 56471->56472 56483 5032180 56472->56483 56476 4f8bde4 56475->56476 56478 5032180 CreateProcessA 56476->56478 56477 4f8c608 56478->56477 56480 4f8bdcf 56479->56480 56482 5032180 CreateProcessA 56480->56482 56481 4f8c608 56481->56481 56482->56481 56486 5032200 CreateProcessA 56483->56486 56485 50323fc 56486->56485 56488 5033114 VirtualAllocEx 56487->56488 56490 503318c 56488->56490 56490->56428 56492 5032a79 Wow64SetThreadContext 56491->56492 56494 4f8aceb 56492->56494 56495 23a0bd8 56496 23a0bf5 56495->56496 56497 23a0c05 56496->56497 56500 23a530b 56496->56500 56504 23a7f02 56496->56504 56501 23a532a 56500->56501 56508 23af048 56501->56508 56516 4b90588 56504->56516 56520 4b9057a 56504->56520 56505 23a1851 56510 23af06f 56508->56510 56512 23af548 56510->56512 56513 23af591 VirtualProtect 56512->56513 56515 23a5351 56513->56515 56517 4b9059d 56516->56517 56525 4b905ca 56517->56525 56521 4b90508 56520->56521 56522 4b90587 56520->56522 56521->56505 56524 4b905ca 3 API calls 56522->56524 56523 4b905b5 56523->56505 56524->56523 56526 4b905d2 56525->56526 56531 4b906d9 56526->56531 56535 4b906e0 56526->56535 56539 4b907e8 56526->56539 56527 4b905b5 56527->56505 56532 4b90724 VirtualAlloc 56531->56532 56534 4b90791 56532->56534 56534->56527 56536 4b90724 VirtualAlloc 56535->56536 56538 4b90791 56536->56538 56538->56527 56540 4b90778 VirtualAlloc 56539->56540 56542 4b907f7 56539->56542 56541 4b90791 56540->56541 56541->56527 56542->56527 56328 50315d0 56329 503161f NtProtectVirtualMemory 56328->56329 56331 5031697 56329->56331 56297 4edeb28 56298 4edeb4a 56297->56298 56301 4f6c068 56298->56301 56307 4f6c058 56298->56307 56302 4f6c07d 56301->56302 56313 4f6c314 56302->56313 56318 4f6c098 56302->56318 56323 4f6c0a8 56302->56323 56303 4f6c093 56303->56298 56308 4f6c07d 56307->56308 56310 4f6c314 2 API calls 56308->56310 56311 4f6c0a8 2 API calls 56308->56311 56312 4f6c098 2 API calls 56308->56312 56309 4f6c093 56309->56298 56310->56309 56311->56309 56312->56309 56315 4f6c31a 56313->56315 56314 4f6c201 56314->56303 56315->56314 56316 4f6ced0 VirtualProtect 56315->56316 56317 4f6ced8 VirtualProtect 56315->56317 56316->56315 56317->56315 56320 4f6c0d2 56318->56320 56319 4f6c201 56319->56303 56320->56319 56321 4f6ced0 VirtualProtect 56320->56321 56322 4f6ced8 VirtualProtect 56320->56322 56321->56320 56322->56320 56325 4f6c0d2 56323->56325 56324 4f6c201 56324->56303 56325->56324 56326 4f6ced0 VirtualProtect 56325->56326 56327 4f6ced8 VirtualProtect 56325->56327 56326->56325 56327->56325 56543 4f816d0 56544 4f816e5 56543->56544 56545 4f816fb 56544->56545 56548 4f83e5a 56544->56548 56554 4f82922 56544->56554 56549 4f83e64 56548->56549 56550 4f82921 56548->56550 56559 4f87068 56550->56559 56563 4f8705e 56550->56563 56555 4f82931 56554->56555 56557 4f87068 CopyFileA 56555->56557 56558 4f8705e CopyFileA 56555->56558 56556 4f829b2 56557->56556 56558->56556 56561 4f870c4 CopyFileA 56559->56561 56562 4f871f5 56561->56562 56564 4f870c4 CopyFileA 56563->56564 56566 4f871f5 56564->56566 56332 4f67ee8 56333 4f67efd 56332->56333 56337 4f68321 56333->56337 56342 4f68330 56333->56342 56334 4f67f13 56339 4f6835a 56337->56339 56338 4f683c0 56338->56334 56339->56338 56347 4f6bd90 56339->56347 56351 4f6bd89 56339->56351 56344 4f6835a 56342->56344 56343 4f683c0 56343->56334 56344->56343 56345 4f6bd90 SleepEx 56344->56345 56346 4f6bd89 SleepEx 56344->56346 56345->56344 56346->56344 56348 4f6bdd4 SleepEx 56347->56348 56350 4f6be34 56348->56350 56350->56339 56352 4f6bdd4 SleepEx 56351->56352 56354 4f6be34 56352->56354 56354->56339

                                          Executed Functions

                                          Function 04F33471 Relevance: 16.1, Strings: 12, Instructions: 1133COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,wq$4$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq
                                          • API String ID: 0-142878317
                                          • Opcode ID: d84c78f217da41af3962cbf9bbe2e5390b822bd45ca5888790a963181c84331d
                                          • Instruction ID: f6b2539f9448d49f5e85c81222441ad216bbbb120c5f2e0103b3b65b22778b17
                                          • Opcode Fuzzy Hash: d84c78f217da41af3962cbf9bbe2e5390b822bd45ca5888790a963181c84331d
                                          • Instruction Fuzzy Hash: 99B20774A00218CFDB14DFA4C994BADB7B6FB88301F158599E905AB3A5DB70EC86CF50
                                          Function 04F337A7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,wq$4$$sq$$sq$$sq$$sq
                                          • API String ID: 0-3730739033
                                          • Opcode ID: de65b12e44de289c420376a507d712a8f4304b588cea286a4665ac0f2bf9bc83
                                          • Instruction ID: 3e6894629b81f410c6ab2d16c5092811c0e28b944241006be75f8c587fd06fcc
                                          • Opcode Fuzzy Hash: de65b12e44de289c420376a507d712a8f4304b588cea286a4665ac0f2bf9bc83
                                          • Instruction Fuzzy Hash: A322E934A00219CFDB24DFA4C994BADB7B2FF48305F148195D909AB3A5DB31AD86CF50
                                          Function 04B94178 Relevance: 6.0, Strings: 4, Instructions: 983COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 724 4b94178-4b94199 725 4b9419b 724->725 726 4b941a0-4b94287 724->726 725->726 728 4b94989-4b949b1 726->728 729 4b9428d-4b943ce 726->729 732 4b950b7-4b950c0 728->732 773 4b94952-4b9497c 729->773 774 4b943d4-4b9442f 729->774 733 4b949bf-4b949c9 732->733 734 4b950c6-4b950dd 732->734 736 4b949cb 733->736 737 4b949d0-4b94ac4 733->737 736->737 755 4b94aee 737->755 756 4b94ac6-4b94ad2 737->756 760 4b94af4-4b94b14 755->760 758 4b94adc-4b94ae2 756->758 759 4b94ad4-4b94ada 756->759 762 4b94aec 758->762 759->762 765 4b94b74-4b94bf4 760->765 766 4b94b16-4b94b6f 760->766 762->760 787 4b94c4b-4b94c8e 765->787 788 4b94bf6-4b94c49 765->788 777 4b950b4 766->777 784 4b9497e 773->784 785 4b94986 773->785 781 4b94431 774->781 782 4b94434-4b9443f 774->782 777->732 781->782 786 4b94867-4b9486d 782->786 784->785 785->728 789 4b94873-4b948ef 786->789 790 4b94444-4b94462 786->790 815 4b94c99-4b94ca2 787->815 788->815 831 4b9493c-4b94942 789->831 792 4b944b9-4b944ce 790->792 793 4b94464-4b94468 790->793 796 4b944d0 792->796 797 4b944d5-4b944eb 792->797 793->792 798 4b9446a-4b94475 793->798 796->797 801 4b944ed 797->801 802 4b944f2-4b94509 797->802 803 4b944ab-4b944b1 798->803 801->802 807 4b9450b 802->807 808 4b94510-4b94526 802->808 805 4b944b3-4b944b4 803->805 806 4b94477-4b9447b 803->806 814 4b94537-4b945a2 805->814 809 4b9447d 806->809 810 4b94481-4b94499 806->810 807->808 811 4b94528 808->811 812 4b9452d-4b94534 808->812 809->810 816 4b9449b 810->816 817 4b944a0-4b944a8 810->817 811->812 812->814 818 4b945a4-4b945b0 814->818 819 4b945b6-4b9476b 814->819 821 4b94d02-4b94d11 815->821 816->817 817->803 818->819 829 4b9476d-4b94771 819->829 830 4b947cf-4b947e4 819->830 822 4b94d13-4b94d9b 821->822 823 4b94ca4-4b94ccc 821->823 859 4b94f14-4b94f20 822->859 826 4b94cce 823->826 827 4b94cd3-4b94cfc 823->827 826->827 827->821 829->830 837 4b94773-4b94782 829->837 835 4b947eb-4b9480c 830->835 836 4b947e6 830->836 833 4b948f1-4b94939 831->833 834 4b94944-4b9494a 831->834 833->831 834->773 838 4b9480e 835->838 839 4b94813-4b94832 835->839 836->835 841 4b947c1-4b947c7 837->841 838->839 845 4b94839-4b94859 839->845 846 4b94834 839->846 843 4b947c9-4b947ca 841->843 844 4b94784-4b94788 841->844 848 4b94864 843->848 850 4b9478a-4b9478e 844->850 851 4b94792-4b947b3 844->851 852 4b9485b 845->852 853 4b94860 845->853 846->845 848->786 850->851 854 4b947ba-4b947be 851->854 855 4b947b5 851->855 852->853 853->848 854->841 855->854 860 4b94da0-4b94da9 859->860 861 4b94f26-4b94f81 859->861 862 4b94dab 860->862 863 4b94db2-4b94f08 860->863 876 4b94fb8-4b94fe2 861->876 877 4b94f83-4b94fb6 861->877 862->863 866 4b94db8-4b94df8 862->866 867 4b94dfd-4b94e3d 862->867 868 4b94e42-4b94e82 862->868 869 4b94e87-4b94ec7 862->869 880 4b94f0e 863->880 866->880 867->880 868->880 869->880 885 4b94feb-4b9507e 876->885 877->885 880->859 889 4b95085-4b950a5 885->889 889->777
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TJxq$Tesq$pwq$xbvq
                                          • API String ID: 0-2278277230
                                          • Opcode ID: 2a28af5e6e87f621b91e92529af66e8194a98a7ed27a9f864126c09f8650be16
                                          • Instruction ID: b4066cb06da5bd9f2d6bd06f58b2999f689f0e1cfa962f64ce8838a0138c0ebd
                                          • Opcode Fuzzy Hash: 2a28af5e6e87f621b91e92529af66e8194a98a7ed27a9f864126c09f8650be16
                                          • Instruction Fuzzy Hash: 76A2D975A04618CFDB64CF69C984A99BBF2FF89304F1581E9D509AB361DB31AE81CF40
                                          Function 04ED77A0 Relevance: 4.0, Strings: 3, Instructions: 228COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1666 4ed77a0-4ed77d8 1667 4ed77df-4ed7812 1666->1667 1668 4ed77da 1666->1668 1671 4ed7815-4ed781b 1667->1671 1668->1667 1672 4ed781d 1671->1672 1673 4ed7824-4ed7825 1671->1673 1674 4ed782a-4ed7832 1672->1674 1675 4ed7a54-4ed7a74 1672->1675 1676 4ed792c-4ed792f 1672->1676 1677 4ed7a48 1672->1677 1678 4ed784b-4ed788c 1672->1678 1679 4ed7a45-4ed7a46 1672->1679 1680 4ed78e7-4ed7910 1672->1680 1681 4ed79c1 1672->1681 1682 4ed791c-4ed792a 1672->1682 1683 4ed795c-4ed7976 1672->1683 1684 4ed7abf-4ed7b04 1672->1684 1685 4ed7a7f-4ed7aac 1672->1685 1686 4ed7a1b-4ed7a3b 1672->1686 1687 4ed7994-4ed7995 1672->1687 1688 4ed7997-4ed79b7 1672->1688 1673->1674 1673->1675 1695 4ed7838-4ed7849 1674->1695 1692 4ed7938-4ed794f 1676->1692 1677->1675 1717 4ed788e-4ed7894 1678->1717 1718 4ed7896-4ed789b 1678->1718 1679->1677 1689 4ed78d5-4ed78db 1680->1689 1704 4ed7912-4ed791a 1680->1704 1698 4ed7a09-4ed7a0f 1681->1698 1682->1689 1683->1688 1694 4ed7978-4ed7980 1683->1694 1684->1675 1716 4ed7b0a-4ed7b12 1684->1716 1685->1671 1705 4ed7ab2-4ed7aba 1685->1705 1686->1698 1711 4ed7a3d-4ed7a43 1686->1711 1687->1681 1707 4ed7982-4ed7988 1688->1707 1708 4ed79b9-4ed79bf 1688->1708 1700 4ed78dd 1689->1700 1701 4ed78e4-4ed78e5 1689->1701 1692->1689 1706 4ed7951-4ed7957 1692->1706 1694->1707 1695->1671 1709 4ed7a18-4ed7a19 1698->1709 1710 4ed7a11 1698->1710 1700->1676 1700->1677 1700->1679 1700->1680 1700->1681 1700->1682 1700->1683 1700->1686 1700->1687 1700->1688 1701->1680 1704->1689 1705->1671 1706->1689 1713 4ed798a 1707->1713 1714 4ed7991-4ed7992 1707->1714 1708->1707 1709->1677 1709->1686 1710->1677 1710->1679 1710->1686 1711->1698 1713->1677 1713->1679 1713->1681 1713->1686 1713->1687 1713->1688 1714->1681 1714->1687 1716->1671 1717->1718 1719 4ed789d-4ed789e 1718->1719 1720 4ed78a0-4ed78d2 1718->1720 1719->1720 1720->1689
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq$U$d
                                          • API String ID: 0-3671353298
                                          • Opcode ID: eb765f146416ddb41472ae4358fc74a6f99fb04a464b8d05d5716df7fc882d60
                                          • Instruction ID: 14f4d3edf972c3759e733a1f695b7b0a5fef159fc8087d546d80baceb4c713d9
                                          • Opcode Fuzzy Hash: eb765f146416ddb41472ae4358fc74a6f99fb04a464b8d05d5716df7fc882d60
                                          • Instruction Fuzzy Hash: D3A1D774E05218CFDB54CFA9D584BDDBBF2BF89304F20A469D409AB255EB74A986CF00
                                          Function 04B966EF Relevance: 3.9, Strings: 2, Instructions: 1362COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1798 4b966ef-4b966f9 1799 4b966fb-4b96746 1798->1799 1800 4b966ce-4b966e8 1798->1800 1801 4b96748 1799->1801 1802 4b9674d-4b9686f 1799->1802 1800->1798 1801->1802 1806 4b96871-4b9687d 1802->1806 1807 4b96893-4b9689f 1802->1807 1812 4b96887 1806->1812 1808 4b968a1 1807->1808 1809 4b968a6-4b968ab 1807->1809 1808->1809 1810 4b968ad-4b968b9 1809->1810 1811 4b968e3-4b9692c 1809->1811 1813 4b968bb 1810->1813 1814 4b968c0-4b968de 1810->1814 1821 4b9692e 1811->1821 1822 4b96933-4b96bf8 1811->1822 2084 4b9688d call 4b99299 1812->2084 2085 4b9688d call 4b992a8 1812->2085 1813->1814 1815 4b98047-4b9804d 1814->1815 1817 4b98078 1815->1817 1818 4b9804f-4b9806f 1815->1818 1818->1817 1821->1822 1847 4b97628-4b97634 1822->1847 1848 4b9763a-4b97672 1847->1848 1849 4b96bfd-4b96c09 1847->1849 1857 4b9774c-4b97752 1848->1857 1850 4b96c0b 1849->1850 1851 4b96c10-4b96d35 1849->1851 1850->1851 1886 4b96d75-4b96dfe 1851->1886 1887 4b96d37-4b96d6f 1851->1887 1859 4b97758-4b97790 1857->1859 1860 4b97677-4b976f4 1857->1860 1870 4b97aee-4b97af4 1859->1870 1876 4b97727-4b97749 1860->1876 1877 4b976f6-4b976fa 1860->1877 1872 4b97afa-4b97b42 1870->1872 1873 4b97795-4b97997 1870->1873 1883 4b97bbd-4b97bc9 1872->1883 1884 4b97b44-4b97bb7 1872->1884 1967 4b9799d-4b97a31 1873->1967 1968 4b97a36-4b97a3a 1873->1968 1876->1857 1877->1876 1878 4b976fc-4b97724 1877->1878 1878->1876 1888 4b97bd0-4b97c08 1883->1888 1884->1883 1912 4b96e0d-4b96e91 1886->1912 1913 4b96e00-4b96e08 1886->1913 1887->1886 1906 4b98011-4b98017 1888->1906 1908 4b97c0d-4b97c8f 1906->1908 1909 4b9801d-4b98045 1906->1909 1927 4b97c91-4b97cac 1908->1927 1928 4b97cb7-4b97cc3 1908->1928 1909->1815 1948 4b96ea0-4b96f24 1912->1948 1949 4b96e93-4b96e9b 1912->1949 1916 4b97619-4b97625 1913->1916 1916->1847 1927->1928 1929 4b97cca-4b97cd6 1928->1929 1930 4b97cc5 1928->1930 1934 4b97ce9-4b97cf8 1929->1934 1935 4b97cd8-4b97ce4 1929->1935 1930->1929 1937 4b97cfa 1934->1937 1938 4b97d01-4b97fd9 1934->1938 1936 4b97ff8-4b9800e 1935->1936 1936->1906 1937->1938 1940 4b97ece-4b97f36 1937->1940 1941 4b97e60-4b97ec9 1937->1941 1942 4b97df2-4b97e5b 1937->1942 1943 4b97d75-4b97ded 1937->1943 1944 4b97d07-4b97d70 1937->1944 1971 4b97fe4-4b97ff0 1938->1971 1978 4b97faa-4b97fb0 1940->1978 1941->1971 1942->1971 1943->1971 1944->1971 1992 4b96f33-4b96fb7 1948->1992 1993 4b96f26-4b96f2e 1948->1993 1949->1916 1990 4b97ad5-4b97aeb 1967->1990 1974 4b97a3c-4b97a95 1968->1974 1975 4b97a97-4b97ad4 1968->1975 1971->1936 1974->1990 1975->1990 1983 4b97f38-4b97f96 1978->1983 1984 4b97fb2-4b97fbc 1978->1984 1997 4b97f98 1983->1997 1998 4b97f9d-4b97fa7 1983->1998 1984->1971 1990->1870 2005 4b96fb9-4b96fc1 1992->2005 2006 4b96fc6-4b9704a 1992->2006 1993->1916 1997->1998 1998->1978 2005->1916 2012 4b97059-4b970dd 2006->2012 2013 4b9704c-4b97054 2006->2013 2019 4b970ec-4b97170 2012->2019 2020 4b970df-4b970e7 2012->2020 2013->1916 2026 4b9717f-4b97203 2019->2026 2027 4b97172-4b9717a 2019->2027 2020->1916 2033 4b97212-4b97296 2026->2033 2034 4b97205-4b9720d 2026->2034 2027->1916 2040 4b97298-4b972a0 2033->2040 2041 4b972a5-4b97329 2033->2041 2034->1916 2040->1916 2047 4b97338-4b973bc 2041->2047 2048 4b9732b-4b97333 2041->2048 2054 4b973cb-4b9744f 2047->2054 2055 4b973be-4b973c6 2047->2055 2048->1916 2061 4b9745e-4b974e2 2054->2061 2062 4b97451-4b97459 2054->2062 2055->1916 2068 4b974f1-4b97575 2061->2068 2069 4b974e4-4b974ec 2061->2069 2062->1916 2075 4b97584-4b97608 2068->2075 2076 4b97577-4b9757f 2068->2076 2069->1916 2082 4b9760a-4b97612 2075->2082 2083 4b97614-4b97616 2075->2083 2076->1916 2082->1916 2083->1916 2084->1807 2085->1807
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2$$sq
                                          • API String ID: 0-535933840
                                          • Opcode ID: 9d60a77319d70b89f57922a72c63cb5d820635d1c5f620788dd969683d8508e0
                                          • Instruction ID: eece6c7c328bcb123dd740ea86b00bc7b4c3642a40b45375972ec39f690632a1
                                          • Opcode Fuzzy Hash: 9d60a77319d70b89f57922a72c63cb5d820635d1c5f620788dd969683d8508e0
                                          • Instruction Fuzzy Hash: C1E2A274A056288FCB64DF68DC84A9ABBF5FF89301F1081E9D509A7395EB309E85CF41
                                          Function 04F8DD90 Relevance: 3.1, Strings: 2, Instructions: 616COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2102 4f8dd90-4f8ddb1 2103 4f8ddb8-4f8de8b call 4f8e8e2 2102->2103 2104 4f8ddb3 2102->2104 2111 4f8de9a 2103->2111 2112 4f8de8d-4f8de98 2103->2112 2104->2103 2113 4f8dea4-4f8dfbf 2111->2113 2112->2113 2124 4f8dfd1-4f8dffc 2113->2124 2125 4f8dfc1-4f8dfc7 2113->2125 2126 4f8e7c3-4f8e7df 2124->2126 2125->2124 2127 4f8e001-4f8e030 2126->2127 2128 4f8e7e5-4f8e800 2126->2128 2131 4f8e03a-4f8e164 call 4f8c808 2127->2131 2139 4f8e176-4f8e306 call 4f89d90 call 4f86878 2131->2139 2140 4f8e166-4f8e16c 2131->2140 2152 4f8e308-4f8e30c 2139->2152 2153 4f8e36b-4f8e375 2139->2153 2140->2139 2154 4f8e30e-4f8e30f 2152->2154 2155 4f8e314-4f8e366 2152->2155 2156 4f8e59c-4f8e5bb 2153->2156 2157 4f8e641-4f8e6ac 2154->2157 2155->2157 2158 4f8e37a-4f8e4c0 call 4f8c808 2156->2158 2159 4f8e5c1-4f8e5eb 2156->2159 2176 4f8e6be-4f8e709 2157->2176 2177 4f8e6ae-4f8e6b4 2157->2177 2188 4f8e595-4f8e596 2158->2188 2189 4f8e4c6-4f8e592 call 4f8c808 2158->2189 2165 4f8e5ed-4f8e63b 2159->2165 2166 4f8e63e-4f8e63f 2159->2166 2165->2166 2166->2157 2179 4f8e7a8-4f8e7c0 2176->2179 2180 4f8e70f-4f8e7a7 2176->2180 2177->2176 2179->2126 2180->2179 2188->2156 2189->2188
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: fxq$8
                                          • API String ID: 0-2186212692
                                          • Opcode ID: 1914e7c6f2c10797ebca3db034f00f2fd3d54093a5c41ed0352061d90e69576e
                                          • Instruction ID: 5007d7295b08d4817f6e5f33ecbc983ac03b92126cb0b5ebf3791b6a92365e81
                                          • Opcode Fuzzy Hash: 1914e7c6f2c10797ebca3db034f00f2fd3d54093a5c41ed0352061d90e69576e
                                          • Instruction Fuzzy Hash: 6552D675E006298FDB64DF68C850AD9B7B5FF89300F1482AAD909B7354EB30AE85CF50
                                          Function 04F36E08 Relevance: 3.1, Strings: 2, Instructions: 557COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2197 4f36e08-4f36e22 2198 4f36e24-4f36e2b 2197->2198 2199 4f36e2e-4f36e3a 2197->2199 2201 4f36e96-4f36e99 2199->2201 2202 4f36e3c-4f36e49 2199->2202 2203 4f36e9b-4f36e9d 2201->2203 2204 4f36eac-4f36eaf 2201->2204 2211 4f37067-4f3709f 2202->2211 2212 4f36e4f-4f36e7f 2202->2212 2210 4f36ea5 2203->2210 2205 4f36eb1-4f36ecf 2204->2205 2206 4f36ed5-4f36ed8 2204->2206 2205->2206 2216 4f370a6-4f370f1 2205->2216 2208 4f36ede-4f36ee4 2206->2208 2209 4f3705d-4f37064 2206->2209 2208->2209 2214 4f36eea-4f36ef3 2208->2214 2210->2204 2211->2216 2239 4f36e81-4f36e8a 2212->2239 2240 4f36e8c-4f36e8f 2212->2240 2221 4f36ef5-4f36f04 2214->2221 2222 4f36f2b-4f36f31 2214->2222 2245 4f370f3-4f37100 2216->2245 2246 4f3712a-4f3712c 2216->2246 2221->2222 2232 4f36f06-4f36f1f 2221->2232 2224 4f36f37-4f36f40 2222->2224 2225 4f3703c-4f37042 2222->2225 2224->2225 2234 4f36f46-4f36f52 2224->2234 2225->2209 2230 4f37044-4f37054 2225->2230 2230->2209 2238 4f37056-4f3705b 2230->2238 2232->2222 2244 4f36f21-4f36f24 2232->2244 2247 4f36ff0-4f37034 2234->2247 2248 4f36f58-4f36f80 2234->2248 2238->2209 2239->2201 2240->2201 2244->2222 2245->2246 2253 4f37102-4f37128 2245->2253 2249 4f37577-4f3757e 2246->2249 2247->2225 2248->2247 2260 4f36f82-4f36fbf 2248->2260 2253->2246 2265 4f37131-4f37165 2253->2265 2260->2247 2272 4f36fc1-4f36fee 2260->2272 2273 4f3716b-4f37174 2265->2273 2274 4f37208-4f37217 2265->2274 2272->2225 2275 4f3717a-4f3718d 2273->2275 2276 4f3757f 2273->2276 2279 4f37256 2274->2279 2280 4f37219-4f3722f 2274->2280 2285 4f371f6-4f37202 2275->2285 2286 4f3718f-4f371a8 2275->2286 2283 4f37582-4f37585 2276->2283 2284 4f37258-4f3725d 2279->2284 2293 4f37231-4f3724d 2280->2293 2294 4f3724f-4f37254 2280->2294 2287 4f37586-4f3758d 2283->2287 2289 4f372a0-4f372bc 2284->2289 2290 4f3725f-4f37280 2284->2290 2285->2273 2285->2274 2286->2285 2304 4f371aa-4f371b8 2286->2304 2287->2283 2292 4f3758f-4f37591 2287->2292 2301 4f372c2-4f372cb 2289->2301 2302 4f37384-4f3738d 2289->2302 2290->2289 2309 4f37282 2290->2309 2292->2287 2296 4f37593-4f37599 2292->2296 2293->2284 2294->2284 2301->2276 2307 4f372d1-4f372ee 2301->2307 2305 4f37393 2302->2305 2306 4f37575 2302->2306 2304->2285 2319 4f371ba-4f371be 2304->2319 2310 4f373a1-4f373af call 4f344b0 2305->2310 2311 4f3739a-4f3739c 2305->2311 2312 4f373fe-4f3740c call 4f344b0 2305->2312 2306->2249 2331 4f37372-4f3737e 2307->2331 2332 4f372f4-4f3730a 2307->2332 2314 4f37285-4f3729e 2309->2314 2325 4f373b1-4f373b9 2310->2325 2326 4f373c7-4f373ce 2310->2326 2311->2249 2321 4f37424-4f3743b call 4f344b0 2312->2321 2322 4f3740e-4f37416 2312->2322 2314->2289 2319->2276 2324 4f371c4-4f371dd 2319->2324 2338 4f37453-4f37466 call 4f344b0 2321->2338 2339 4f3743d-4f37445 2321->2339 2322->2321 2324->2285 2343 4f371df-4f371f3 call 4f332e0 2324->2343 2325->2326 2326->2249 2331->2301 2331->2302 2332->2331 2345 4f3730c-4f3731a 2332->2345 2349 4f37468-4f37470 2338->2349 2350 4f3747e-4f3749b call 4f344b0 2338->2350 2339->2338 2343->2285 2345->2331 2354 4f3731c-4f37320 2345->2354 2349->2350 2361 4f374b3 2350->2361 2362 4f3749d-4f374a5 2350->2362 2354->2276 2357 4f37326-4f3734f 2354->2357 2357->2331 2366 4f37351-4f3736f call 4f332e0 2357->2366 2361->2249 2362->2361 2366->2331
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Plsq$$sq
                                          • API String ID: 0-3423461073
                                          • Opcode ID: 16340101bfaa074740d107fe9914f5159b8e4c5c56631b8a79d33723a431b6d4
                                          • Instruction ID: 5b1d9cc37dbb6b1faf98f90b6864c881a5e22c248511fce2b60bf814cf6b2fb8
                                          • Opcode Fuzzy Hash: 16340101bfaa074740d107fe9914f5159b8e4c5c56631b8a79d33723a431b6d4
                                          • Instruction Fuzzy Hash: 2522F6B4B00204CFDB14EF68C984A6ABBF2FF89715B1584A9E905DB361DB35EC42CB51
                                          Function 04B9EBE0 Relevance: 2.9, Strings: 2, Instructions: 434COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2530 4b9ebe0-4b9ec0b 2531 4b9ec0d 2530->2531 2532 4b9ec12-4b9ec68 2530->2532 2531->2532 2535 4b9ec6a 2532->2535 2536 4b9ec71-4b9ecb5 2532->2536 2535->2536 2540 4b9ecc1-4b9ecc7 2536->2540 2541 4b9ecb7-4b9ecbf 2536->2541 2542 4b9ecc9 2540->2542 2543 4b9ecd0-4b9ecd1 2540->2543 2541->2540 2542->2543 2544 4b9ef39-4b9ef7e 2542->2544 2545 4b9f04a-4b9f09d 2542->2545 2546 4b9ee9f-4b9ef20 2542->2546 2547 4b9ed6e-4b9ee35 2542->2547 2548 4b9ee46-4b9ee8c 2542->2548 2549 4b9ecd6-4b9ed69 2542->2549 2543->2548 2563 4b9ef88-4b9ef8d 2544->2563 2564 4b9ef80-4b9ef86 2544->2564 2565 4b9f038-4b9f03e 2545->2565 2566 4b9f09f-4b9f0a7 2545->2566 2602 4b9ef2c-4b9ef34 2546->2602 2547->2540 2628 4b9ee3b-4b9ee41 2547->2628 2548->2540 2562 4b9ee92-4b9ee9a 2548->2562 2549->2540 2562->2540 2567 4b9ef8f-4b9ef90 2563->2567 2568 4b9ef92-4b9efdd 2563->2568 2564->2563 2570 4b9f040 2565->2570 2571 4b9f047-4b9f048 2565->2571 2566->2565 2567->2568 2618 4b9efdf-4b9efe5 2568->2618 2619 4b9efe7-4b9efec 2568->2619 2570->2545 2570->2571 2574 4b9f139-4b9f17c 2570->2574 2575 4b9f31a 2570->2575 2576 4b9f0df-4b9f0fc 2570->2576 2577 4b9f2be-4b9f2bf 2570->2577 2578 4b9f1f5-4b9f240 2570->2578 2579 4b9f0a9-4b9f0cc 2570->2579 2580 4b9f38b-4b9f3d7 2570->2580 2581 4b9f24f-4b9f250 2570->2581 2582 4b9f2c1-4b9f30d 2570->2582 2583 4b9f3e4-4b9f3e5 2570->2583 2584 4b9f186 2570->2584 2571->2545 2605 4b9f127-4b9f12d 2574->2605 2625 4b9f17e-4b9f184 2574->2625 2587 4b9f31b 2575->2587 2592 4b9f187 2576->2592 2596 4b9f102-4b9f11b 2576->2596 2577->2587 2599 4b9f1e0-4b9f1e9 2578->2599 2622 4b9f242-4b9f24d 2578->2622 2579->2565 2588 4b9f0d2-4b9f0da 2579->2588 2606 4b9f376-4b9f37f 2580->2606 2621 4b9f3d9-4b9f3e2 2580->2621 2594 4b9f2a9-4b9f2b2 2581->2594 2582->2594 2623 4b9f30f-4b9f318 2582->2623 2584->2592 2587->2606 2588->2565 2592->2599 2600 4b9f2bb-4b9f2bc 2594->2600 2601 4b9f2b4 2594->2601 2604 4b9f11d-4b9f125 2596->2604 2596->2605 2609 4b9f1eb 2599->2609 2610 4b9f1f2-4b9f1f3 2599->2610 2600->2575 2601->2575 2601->2577 2601->2580 2601->2582 2601->2583 2601->2600 2602->2540 2604->2605 2613 4b9f12f 2605->2613 2614 4b9f136-4b9f137 2605->2614 2615 4b9f388-4b9f389 2606->2615 2616 4b9f381 2606->2616 2609->2575 2609->2577 2609->2578 2609->2580 2609->2581 2609->2582 2609->2583 2609->2610 2610->2578 2613->2574 2613->2575 2613->2577 2613->2578 2613->2580 2613->2581 2613->2582 2613->2583 2613->2584 2613->2614 2614->2584 2615->2583 2616->2580 2616->2583 2616->2615 2618->2619 2626 4b9efee-4b9efef 2619->2626 2627 4b9eff1-4b9f02e 2619->2627 2621->2606 2622->2599 2623->2594 2625->2605 2626->2627 2627->2565 2631 4b9f030-4b9f036 2627->2631 2628->2540 2631->2565
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq$Tesq
                                          • API String ID: 0-1365298620
                                          • Opcode ID: 2bcc80428b9bc749e87c02303090601f0e8b27d8dd349ff45a66774eddc443f7
                                          • Instruction ID: fcbeec732026b2f0ee3ba89ef64eae89ad548903c9612e0f27379992bf1bfcfb
                                          • Opcode Fuzzy Hash: 2bcc80428b9bc749e87c02303090601f0e8b27d8dd349ff45a66774eddc443f7
                                          • Instruction Fuzzy Hash: 1612F374A05228CFDB64DF69C844BA9B7F2FB89300F1080A9D509E7395EB74AE85CF51
                                          Function 023A0D10 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2126059143.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_23a0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq
                                          • API String ID: 0-780347173
                                          • Opcode ID: 264a6f9a197036fa3f5624b830a02e71a378d3e3e0dd7b270cd9d767c776016a
                                          • Instruction ID: 2825fe7fb122855a2280b47fd227ed96ab38c66062a3a32718da11490001d773
                                          • Opcode Fuzzy Hash: 264a6f9a197036fa3f5624b830a02e71a378d3e3e0dd7b270cd9d767c776016a
                                          • Instruction Fuzzy Hash: 09A13FB4E016088FD748DF6AE854B9EBBF6FF88300F14C179D005AB265EB71594ACB91
                                          Function 04F8DD70 Relevance: 2.7, Strings: 2, Instructions: 170COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: fxq$h
                                          • API String ID: 0-3911558304
                                          • Opcode ID: 0b75d4e8c42e70087ec76edf0ff65a1894e35e88feb2ad2b7029bb8becc67528
                                          • Instruction ID: 2fcc5d7fc8cfd643b11d9acbe143e181cd5b07ab91b9a8b381c9d8d79b7790b6
                                          • Opcode Fuzzy Hash: 0b75d4e8c42e70087ec76edf0ff65a1894e35e88feb2ad2b7029bb8becc67528
                                          • Instruction Fuzzy Hash: 65711875E016289FEB64DF69C850AC9B7B2FF89300F1082AAD509B7254EB306E85CF51
                                          Function 023A0D20 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2126059143.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_23a0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq
                                          • API String ID: 0-780347173
                                          • Opcode ID: c1cf2d0f5df18cb04e31d0279d45acf0721d29cbbc9abb50c0430a1824bf8711
                                          • Instruction ID: 8b04caa4bb6ef60cfe9d5ad6b66a3e090163629b1ed754f8272f00945dc5b905
                                          • Opcode Fuzzy Hash: c1cf2d0f5df18cb04e31d0279d45acf0721d29cbbc9abb50c0430a1824bf8711
                                          • Instruction Fuzzy Hash: B3710EB4E006058FD788EF6AE881A99BBF6FFC4300F14C529D005A7275FB71594A9B81
                                          Function 04F63378 Relevance: 2.0, Strings: 1, Instructions: 800COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq
                                          • API String ID: 0-1062398946
                                          • Opcode ID: 3e22ab648a64daee9a134101f2d9905481458608f1d3f54710760770cde01187
                                          • Instruction ID: c8a18405e4d807f714526373c7bd91603ab93cc408c3a3cc5b3306c7c291a733
                                          • Opcode Fuzzy Hash: 3e22ab648a64daee9a134101f2d9905481458608f1d3f54710760770cde01187
                                          • Instruction Fuzzy Hash: 02627A75B006158FDB18DFA9C5946AEFBF2FF88300F148929E956D7391DB34A902CB81
                                          Function 050315D0 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05031685
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135524742.0000000005030000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: true
                                          • Associated: 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4fe0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: b7f6e16ac3e5a07ae26bb35d11d07f27b402169b2207fa63869bfeb91bcd8ca4
                                          • Instruction ID: 07429fe657683e50cb83b7df3a23881caab924fcaa0d3ca2e1e2c6c96b49be6b
                                          • Opcode Fuzzy Hash: b7f6e16ac3e5a07ae26bb35d11d07f27b402169b2207fa63869bfeb91bcd8ca4
                                          • Instruction Fuzzy Hash: CA4199B4D002589FCF10CFAAD981ADEFBB5BB59320F14A02AE819B7310D735A945CF54
                                          Function 04F6C098 Relevance: 1.6, Strings: 1, Instructions: 342COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 1483
                                          • API String ID: 0-3808350329
                                          • Opcode ID: 1671e14060effd7f9143a9b8d52fbc5b0ce238f1c068150a790178ce93678e0b
                                          • Instruction ID: ca4ca5e2af4d59deb6ae8276588b8c3f919ec2f701165dd768d4abb7a87b16f6
                                          • Opcode Fuzzy Hash: 1671e14060effd7f9143a9b8d52fbc5b0ce238f1c068150a790178ce93678e0b
                                          • Instruction Fuzzy Hash: E4F11774E01258CFDB64DFA9D844B9DB7F2FF48304F1080A9D44AAB295DB74A98ACF11
                                          Function 04F6C0A8 Relevance: 1.6, Strings: 1, Instructions: 341COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 1483
                                          • API String ID: 0-3808350329
                                          • Opcode ID: 7186781399f1330a1aa85c6ea6367ce738876e62ce900226ea8527aa138ba950
                                          • Instruction ID: 94ce32594134ef5ca44d8f52772c55c624e214ee8666b84b4fc94d15caad1786
                                          • Opcode Fuzzy Hash: 7186781399f1330a1aa85c6ea6367ce738876e62ce900226ea8527aa138ba950
                                          • Instruction Fuzzy Hash: 39F11874E01258CFDB64DFA9D844B9DB7F2FF48304F1080A9D44AAB295DB74A98ACF11
                                          Function 05033AB8 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 05033B46
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135524742.0000000005030000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: true
                                          • Associated: 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4fe0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: db7519e57138e8803b560a9478c481d191d0ad662d3a61b2caa93c297bb8b65b
                                          • Instruction ID: 09a7f332f9be5a287a65afdd97973d2b99adfc8dedb3b2a2d961c3459c35bf0b
                                          • Opcode Fuzzy Hash: db7519e57138e8803b560a9478c481d191d0ad662d3a61b2caa93c297bb8b65b
                                          • Instruction Fuzzy Hash: DF31A9B4D012189FCB10CFAAD985ADEFBF5BB49320F20942AE919B7300C775A945CF94
                                          Function 04ED74E1 Relevance: 1.5, Strings: 1, Instructions: 243COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: p
                                          • API String ID: 0-2181537457
                                          • Opcode ID: 26b7c698073b19951ed431d635a0ccf45f4e969c6354eb2f2798b44ffd913443
                                          • Instruction ID: d618e41e220d0fd3db6ca02665a2a2211008781729aa001f8e2e89aad9335cef
                                          • Opcode Fuzzy Hash: 26b7c698073b19951ed431d635a0ccf45f4e969c6354eb2f2798b44ffd913443
                                          • Instruction Fuzzy Hash: 71B1E3B4E01209CFDB14DFA9D594AEDBBF2FF48304F20906AE415AB264DB35A946CF50
                                          Function 04ED77B0 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: fbebf1db9e38233c8477bd50f8fcc030043af64a0ad23d99b9b5321a2a3e8843
                                          • Instruction ID: fc33d50f39ddb1a6b2a223f18a790b2473638e73cc80a045a7bb8243474e03ff
                                          • Opcode Fuzzy Hash: fbebf1db9e38233c8477bd50f8fcc030043af64a0ad23d99b9b5321a2a3e8843
                                          • Instruction Fuzzy Hash: 59A1E774E05218CFDB54CFA9D584BEDBBF6BF49304F20A069D409AB255EB70A986CF00
                                          Function 04B9807B Relevance: .5, Instructions: 539COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 60218d8534e8641a7768bef16c961a39bbd090a74ec53162bd80873c062059d8
                                          • Instruction ID: 8c21323219d52584a557228d49948fbfdca871e1bb0cf798a1338ca276d3a508
                                          • Opcode Fuzzy Hash: 60218d8534e8641a7768bef16c961a39bbd090a74ec53162bd80873c062059d8
                                          • Instruction Fuzzy Hash: 955290B4A006288FCB64DF28C984B9AB7B6FF89301F1091E9D54DA7355DB30AE85CF51
                                          Function 04F88AD1 Relevance: .3, Instructions: 285COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7f60eaf8d1ebb673eab7ca18884c90c41db78ba503e3848af222d6c9859a98df
                                          • Instruction ID: 395ec146fdd2a3178172c5177eebc3bcc0522ab9ac692db3cdaa73c84bee377e
                                          • Opcode Fuzzy Hash: 7f60eaf8d1ebb673eab7ca18884c90c41db78ba503e3848af222d6c9859a98df
                                          • Instruction Fuzzy Hash: 8CC1E674E06218CFDB54EFA9D884B9DBBB2FB89344F109069D409AB255EB306D86DF01
                                          Function 04F88AE0 Relevance: .3, Instructions: 281COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bbdbbf9e4cf481ed2de08712a138f40ff8fd5b7a41bd7c3a25acf5bcff6637e
                                          • Instruction ID: 20f3be661b1b55cf70e02a19f802f77c1b2d1b3879514b4a02311fa1bb2e15ab
                                          • Opcode Fuzzy Hash: 6bbdbbf9e4cf481ed2de08712a138f40ff8fd5b7a41bd7c3a25acf5bcff6637e
                                          • Instruction Fuzzy Hash: F3C1F674E05218CFDB54EFA9D880B9DBBF2FB89344F5090A9D409AB255EB306D86CF01
                                          Function 04F88C2E Relevance: .3, Instructions: 271COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d4ce94adeab0ad5e88782028fac098e17f5c744edbf2ab32628f523148d093e
                                          • Instruction ID: a8b38f77175bfa8d0587c2bedd9bc9cd3bcb9dade05f665b506eb4d34ab0622b
                                          • Opcode Fuzzy Hash: 0d4ce94adeab0ad5e88782028fac098e17f5c744edbf2ab32628f523148d093e
                                          • Instruction Fuzzy Hash: E9C1E674E06218CFDB54EFA9D880B9DB7F2FB89344F5090A9D409AB255EB306D86DF01
                                          Function 04F857F0 Relevance: .3, Instructions: 268COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d8965572927447ce28cdd22c2d581a748e87c9f03e50047a7a36c9a81874c7e
                                          • Instruction ID: c68464c3f5d8980827c0f9bcc9f5180eaee0453338ac116c5b91019279113027
                                          • Opcode Fuzzy Hash: 1d8965572927447ce28cdd22c2d581a748e87c9f03e50047a7a36c9a81874c7e
                                          • Instruction Fuzzy Hash: 64C1C474E0521CDFDB54DFA9D884B9DBBF6FB89300F10906AE409AB265EB346946CF01
                                          Function 04F85800 Relevance: .3, Instructions: 268COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 661ac9d4e22b482afe406d577ee19ffbef5edc5f5ca6d13fba1b730d69325072
                                          • Instruction ID: 8ba498e8254415630000161c9f11c0b91a3638e9ef505a98b6bd41582f93ab6a
                                          • Opcode Fuzzy Hash: 661ac9d4e22b482afe406d577ee19ffbef5edc5f5ca6d13fba1b730d69325072
                                          • Instruction Fuzzy Hash: 9BC1C574E0521CDFDB54DFA9D884B9DBBF6FB89300F10906AE409AB265EB346946CF01
                                          Function 05031348 Relevance: .2, Instructions: 178COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135524742.0000000005030000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: true
                                          • Associated: 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4fe0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 158e396c385ec4d9470b62003dc6f0c0ac2643ebefe3b63a45cc67b2806092b8
                                          • Instruction ID: 752237f75a0cc54f01b3593ad997d72ac49f485cdbc76413ec9a93402e78ef14
                                          • Opcode Fuzzy Hash: 158e396c385ec4d9470b62003dc6f0c0ac2643ebefe3b63a45cc67b2806092b8
                                          • Instruction Fuzzy Hash: 2671D674E05208DFDB44DFA9D481AAEBBF6FF89310F108029E509AB365DB34A946CF51
                                          Function 04F6B34F Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: edf5b897d47f542fc16a71134b351d9a95e23fffbd0bff951bff799d194aab8a
                                          • Instruction ID: 0940b4f37205e42543280a690a17068cc194e4642d9383a68a006ac35292db2a
                                          • Opcode Fuzzy Hash: edf5b897d47f542fc16a71134b351d9a95e23fffbd0bff951bff799d194aab8a
                                          • Instruction Fuzzy Hash: CA21D671E05618CBEB18CF9AC95079DFBFAFF89300F14C1AAD809AA255D7356A468F10
                                          Function 04F3A870 Relevance: 7.9, Strings: 6, Instructions: 409COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 630 4f3a870-4f3a8bc 634 4f3a8c2-4f3a8d4 630->634 635 4f3aa3a-4f3aa46 630->635 639 4f3a8d6-4f3a922 634->639 640 4f3a924-4f3a96d 634->640 638 4f3aa49-4f3aa75 635->638 650 4f3aa77-4f3aaa6 638->650 666 4f3a970-4f3a984 639->666 640->666 651 4f3acf5-4f3acfc 650->651 652 4f3aaac-4f3aab5 650->652 655 4f3aab7-4f3aabb 652->655 656 4f3ab2b-4f3ab44 652->656 658 4f3aad4-4f3aae0 655->658 659 4f3aabd-4f3aad2 655->659 669 4f3ac71-4f3ac81 656->669 670 4f3ab4a 656->670 663 4f3aae9-4f3ab26 658->663 659->663 663->651 671 4f3a98f-4f3a9b0 666->671 679 4f3ac83-4f3ac98 669->679 680 4f3ac9a-4f3aca6 669->680 672 4f3ab51-4f3ab94 670->672 673 4f3abe1-4f3ac24 670->673 674 4f3ab99-4f3abdc 670->674 675 4f3ac29-4f3ac6c 670->675 688 4f3a9b2-4f3a9b8 671->688 689 4f3a9ba-4f3a9c4 671->689 672->651 673->651 674->651 675->651 684 4f3acaf-4f3acf0 679->684 680->684 684->651 690 4f3a9c7-4f3aa0a 688->690 689->690 697 4f3aa30-4f3aa37 690->697 698 4f3aa0c-4f3aa28 690->698 698->697
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$4'sq$4'sq$4'sq$4'sq$pwq
                                          • API String ID: 0-1920987972
                                          • Opcode ID: e384cd166fcc2e9d5cd836b72a454bdced4aaa7a20240550c5ae709b796e28d2
                                          • Instruction ID: f89b6188c313e464f53427ef8d5ba2e03bfb1be240eecca356e9437f1b9ac26a
                                          • Opcode Fuzzy Hash: e384cd166fcc2e9d5cd836b72a454bdced4aaa7a20240550c5ae709b796e28d2
                                          • Instruction Fuzzy Hash: EBD17E72A00114DFCF49DFA4C950D99BBB2FF88310F064498E649AB272DB32ED56DB90
                                          Function 04F395A8 Relevance: 5.4, Strings: 4, Instructions: 450COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 891 4f395a8-4f395d0 893 4f395d2-4f39619 891->893 894 4f3961e-4f3962c 891->894 942 4f39a75-4f39a7c 893->942 895 4f3963b 894->895 896 4f3962e-4f39639 call 4f370c8 894->896 898 4f3963d-4f39644 895->898 896->898 901 4f3964a-4f3964e 898->901 902 4f3972d-4f39731 898->902 905 4f39654-4f39658 901->905 906 4f39a7d-4f39aa5 901->906 903 4f39733-4f39742 call 4f352d8 902->903 904 4f39787-4f39791 902->904 920 4f39746-4f3974b 903->920 911 4f39793-4f397a2 call 4f34a88 904->911 912 4f397ca-4f397f0 904->912 909 4f3966a-4f396c8 call 4f36e08 call 4f37870 905->909 910 4f3965a-4f39664 905->910 915 4f39aac-4f39ad6 906->915 951 4f39b3b-4f39b50 909->951 952 4f396ce-4f39728 909->952 910->909 910->915 925 4f397a8-4f397c5 911->925 926 4f39ade-4f39af4 911->926 938 4f397f2-4f397fb 912->938 939 4f397fd 912->939 915->926 927 4f39744 920->927 928 4f3974d-4f39782 call 4f39070 920->928 925->942 953 4f39afc-4f39b14 926->953 927->920 928->942 944 4f397ff-4f39827 938->944 939->944 956 4f398f8-4f398fc 944->956 957 4f3982d-4f39846 944->957 961 4f39b52 951->961 962 4f39b1c-4f39b3a 951->962 952->942 953->962 963 4f39976-4f39980 956->963 964 4f398fe-4f39917 956->964 957->956 981 4f3984c-4f3985b call 4f344b0 957->981 962->951 967 4f39982-4f3998c 963->967 968 4f399dd-4f399e6 963->968 964->963 985 4f39919-4f39928 call 4f344b0 964->985 982 4f39992-4f399a4 967->982 983 4f3998e-4f39990 967->983 972 4f399e8-4f39a16 call 4f36600 call 4f36620 968->972 973 4f39a1e-4f39a6b 968->973 972->973 989 4f39a73 973->989 997 4f39873-4f39888 981->997 998 4f3985d-4f39863 981->998 987 4f399a6-4f399a8 982->987 983->987 1004 4f39940-4f3994b 985->1004 1005 4f3992a-4f39930 985->1005 994 4f399d6-4f399db 987->994 995 4f399aa-4f399ae 987->995 989->942 994->967 994->968 1000 4f399b0-4f399c9 995->1000 1001 4f399cc-4f399d1 call 4f332b0 995->1001 1010 4f3988a-4f398b6 call 4f35750 997->1010 1011 4f398bc-4f398c5 997->1011 1006 4f39867-4f39869 998->1006 1007 4f39865 998->1007 1000->1001 1001->994 1004->951 1017 4f39951-4f39974 1004->1017 1015 4f39932 1005->1015 1016 4f39934-4f39936 1005->1016 1006->997 1007->997 1010->953 1010->1011 1011->951 1014 4f398cb-4f398f2 1011->1014 1014->956 1014->981 1015->1004 1016->1004 1017->963 1017->985
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: F$Hwq$Hwq$Hwq
                                          • API String ID: 0-1595777152
                                          • Opcode ID: 26c6f9afcb16ae9ac22a66852ccca34cca8b1444899d9620c40265064eaa678d
                                          • Instruction ID: 90a8e90bca59b02a08fa801579f9b2e309fa7e55f3b72504ba268498c14fa882
                                          • Opcode Fuzzy Hash: 26c6f9afcb16ae9ac22a66852ccca34cca8b1444899d9620c40265064eaa678d
                                          • Instruction Fuzzy Hash: D7028E70A006048FDB25DFA8C994AAEB7F2FF88305F14852DD406AB395DBB5EC46CB51
                                          Function 04ED1FED Relevance: 5.1, Strings: 4, Instructions: 52COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1028 4ed1fed-4ed1ffb 1030 4ed2001-4ed2026 1028->1030 1031 4ed2703-4ed271e 1028->1031 1034 4ed202c-4ed2034 1030->1034 1035 4ed011f-4ed0127 1030->1035 1036 4ed2726-4ed272d 1031->1036 1034->1035 1037 4ed0129-4ed050e 1035->1037 1038 4ed0130-4ed1aed 1035->1038 1039 4ed0186-4ed018c 1036->1039 1040 4ed2733-4ed274c 1036->1040 1037->1035 1053 4ed0514-4ed051c 1037->1053 1038->1035 1048 4ed1af3-4ed1afb 1038->1048 1042 4ed0f69-4ed0f93 1039->1042 1043 4ed0192-4ed01b7 1039->1043 1040->1035 1047 4ed2752-4ed275a 1040->1047 1042->1035 1054 4ed0f99-4ed0fa1 1042->1054 1043->1035 1052 4ed01bd-4ed01c5 1043->1052 1047->1035 1048->1035 1052->1035 1053->1035 1054->1035
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 3$N$Z$_
                                          • API String ID: 0-996081525
                                          • Opcode ID: dce4f2ba747da58c20ff1e0d21ed3a6f92e645b7962b754981d2a43d70f66312
                                          • Instruction ID: ce43fefd389d161b6c7a050e073b8690262388ba63b10f47b1b91246d84b95b0
                                          • Opcode Fuzzy Hash: dce4f2ba747da58c20ff1e0d21ed3a6f92e645b7962b754981d2a43d70f66312
                                          • Instruction Fuzzy Hash: F5213B70D0422CDFEB609FA5D848B9DBBF4FF09309F0452A9E509A7281D7746985CF11
                                          Function 04F3B268 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1055 4f3b268-4f3b2a5 1057 4f3b2c7-4f3b2dd call 4f3b070 1055->1057 1058 4f3b2a7-4f3b2ac call 4f3bbd8 1055->1058 1064 4f3b653-4f3b667 1057->1064 1065 4f3b2e3-4f3b2ef 1057->1065 1060 4f3b2b2-4f3b2b4 1058->1060 1060->1057 1062 4f3b2b6-4f3b2be 1060->1062 1062->1057 1076 4f3b6a7-4f3b6b0 1064->1076 1066 4f3b420-4f3b427 1065->1066 1067 4f3b2f5-4f3b2f8 1065->1067 1069 4f3b556-4f3b593 call 4f3aa78 call 4f3da10 1066->1069 1070 4f3b42d-4f3b436 1066->1070 1068 4f3b2fb-4f3b304 1067->1068 1073 4f3b30a-4f3b31e 1068->1073 1074 4f3b748 1068->1074 1114 4f3b599-4f3b64a call 4f3aa78 1069->1114 1070->1069 1075 4f3b43c-4f3b548 call 4f3aa78 call 4f3b008 call 4f3aa78 1070->1075 1090 4f3b410-4f3b41a 1073->1090 1091 4f3b324-4f3b3b9 call 4f3b070 * 2 call 4f3aa78 call 4f3b008 call 4f3b0b0 call 4f3b158 call 4f3b1c0 1073->1091 1078 4f3b74d-4f3b751 1074->1078 1166 4f3b553 1075->1166 1167 4f3b54a 1075->1167 1079 4f3b6b2-4f3b6b9 1076->1079 1080 4f3b675-4f3b67e 1076->1080 1081 4f3b753 1078->1081 1082 4f3b75c 1078->1082 1086 4f3b707-4f3b70e 1079->1086 1087 4f3b6bb-4f3b6fe call 4f3aa78 1079->1087 1080->1074 1084 4f3b684-4f3b696 1080->1084 1081->1082 1095 4f3b75d 1082->1095 1101 4f3b6a6 1084->1101 1102 4f3b698-4f3b6a0 call 4f3e1b0 1084->1102 1092 4f3b733-4f3b746 1086->1092 1093 4f3b710-4f3b720 1086->1093 1087->1086 1090->1066 1090->1068 1147 4f3b3bb-4f3b3d3 call 4f3b158 call 4f3aa78 call 4f3ad28 1091->1147 1148 4f3b3d8-4f3b40b call 4f3b1c0 1091->1148 1092->1078 1093->1092 1107 4f3b722-4f3b72a 1093->1107 1095->1095 1101->1076 1102->1101 1107->1092 1114->1064 1147->1148 1148->1090 1166->1069 1167->1166
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq$4'sq
                                          • API String ID: 0-1334358483
                                          • Opcode ID: fea297d357c8d808e4d391e14e041b854cb3fcf52c048d64804952275b2a085e
                                          • Instruction ID: 014c74b02eac7284da15151d71e7e7748e60b9548ca19a8200c04ab7245c1a44
                                          • Opcode Fuzzy Hash: fea297d357c8d808e4d391e14e041b854cb3fcf52c048d64804952275b2a085e
                                          • Instruction Fuzzy Hash: 26F1B834A00518DFDB18DFA4D9A8A9DB7B2FF88305F158159E806AB366DB71FC42CB50
                                          Function 04F3F82F Relevance: 4.1, Strings: 3, Instructions: 368COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1171 4f3f82f-4f3f850 1172 4f3f856-4f3f85a 1171->1172 1173 4f3f969-4f3f98e 1171->1173 1174 4f3f860-4f3f869 1172->1174 1175 4f3f995-4f3f9ba 1172->1175 1173->1175 1176 4f3f9c1-4f3f9f7 1174->1176 1177 4f3f86f-4f3f896 1174->1177 1175->1176 1194 4f3f9fe-4f3fa54 1176->1194 1187 4f3f95e-4f3f968 1177->1187 1188 4f3f89c-4f3f89e 1177->1188 1191 4f3f8a0-4f3f8a3 1188->1191 1192 4f3f8bf-4f3f8c1 1188->1192 1193 4f3f8a9-4f3f8b3 1191->1193 1191->1194 1195 4f3f8c4-4f3f8c8 1192->1195 1193->1194 1197 4f3f8b9-4f3f8bd 1193->1197 1210 4f3fa56-4f3fa6d call 4b9fdf0 1194->1210 1211 4f3fa78-4f3fa8f 1194->1211 1198 4f3f8ca-4f3f8d9 1195->1198 1199 4f3f929-4f3f935 1195->1199 1197->1192 1197->1195 1198->1194 1206 4f3f8df-4f3f926 call 4f332e0 1198->1206 1199->1194 1200 4f3f93b-4f3f958 call 4f332e0 1199->1200 1200->1187 1200->1188 1206->1199 1216 4f3fa73 1210->1216 1221 4f3fb80-4f3fb90 1211->1221 1222 4f3fa95-4f3fb7b call 4f3b070 call 4f3aa78 * 2 call 4f3b0b0 call 4f3e878 call 4f3aa78 call 4f3da10 call 4f3b918 1211->1222 1219 4f3fca3-4f3fcae 1216->1219 1230 4f3fcb0-4f3fcc0 1219->1230 1231 4f3fcdd-4f3fcfe call 4f3b1c0 1219->1231 1228 4f3fb96-4f3fc70 call 4f3b070 * 2 call 4f3b828 call 4f3aa78 * 2 call 4f3ad28 call 4f3b1c0 call 4f3aa78 1221->1228 1229 4f3fc7e-4f3fc9a call 4f3aa78 1221->1229 1222->1221 1284 4f3fc72 1228->1284 1285 4f3fc7b 1228->1285 1229->1219 1241 4f3fcc2-4f3fcc8 1230->1241 1242 4f3fcd0-4f3fcd8 call 4f3b918 1230->1242 1241->1242 1242->1231 1284->1285 1285->1229
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$(wq$Hwq
                                          • API String ID: 0-3835230346
                                          • Opcode ID: 551cc562913ca93d17ad9b15b54c642d93161bb078364e6506521a5d96c3682d
                                          • Instruction ID: a7b426d2dbaa80c1fe5cee2418d6461cbecf5a4042c2a2f709ec242fbf94da90
                                          • Opcode Fuzzy Hash: 551cc562913ca93d17ad9b15b54c642d93161bb078364e6506521a5d96c3682d
                                          • Instruction Fuzzy Hash: 8CE16034A01209DFDB04EFA4D99499DBBB2FF89305F108569E806AB365DB30FD42CB91
                                          Function 04BB13F0 Relevance: 4.0, Strings: 2, Instructions: 1508COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133351410.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4bb0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq
                                          • API String ID: 0-780347173
                                          • Opcode ID: 47b7de6f003aa7a6d4b75fc7b84d6248216303f7871f8683d8cf26339c6334f0
                                          • Instruction ID: 246f7288953f7369d093df5cee1d210c6853a661d30372942e83eead8f247a78
                                          • Opcode Fuzzy Hash: 47b7de6f003aa7a6d4b75fc7b84d6248216303f7871f8683d8cf26339c6334f0
                                          • Instruction Fuzzy Hash: 28D29470A09348CFDB16CBA8C968BED7F75FF06304F1441D6E541AB2A2C7B8A945CB61
                                          Function 04F3A869 Relevance: 3.9, Strings: 3, Instructions: 120COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1724 4f3a869-4f3a86d 1725 4f3a841-4f3a84f 1724->1725 1726 4f3a86f-4f3a8bc 1724->1726 1725->1724 1731 4f3a8c2-4f3a8d4 1726->1731 1732 4f3aa3a-4f3aa46 1726->1732 1736 4f3a8d6-4f3a922 1731->1736 1737 4f3a924-4f3a96d 1731->1737 1735 4f3aa49-4f3aa75 1732->1735 1747 4f3aa77-4f3aaa6 1735->1747 1763 4f3a970-4f3a984 1736->1763 1737->1763 1748 4f3acf5-4f3acfc 1747->1748 1749 4f3aaac-4f3aab5 1747->1749 1752 4f3aab7-4f3aabb 1749->1752 1753 4f3ab2b-4f3ab44 1749->1753 1755 4f3aad4-4f3aae0 1752->1755 1756 4f3aabd-4f3aad2 1752->1756 1766 4f3ac71-4f3ac81 1753->1766 1767 4f3ab4a 1753->1767 1760 4f3aae9-4f3ab26 1755->1760 1756->1760 1760->1748 1768 4f3a98f-4f3a9b0 1763->1768 1776 4f3ac83-4f3ac98 1766->1776 1777 4f3ac9a-4f3aca6 1766->1777 1769 4f3ab51-4f3ab94 1767->1769 1770 4f3abe1-4f3ac24 1767->1770 1771 4f3ab99-4f3abdc 1767->1771 1772 4f3ac29-4f3ac6c 1767->1772 1785 4f3a9b2-4f3a9b8 1768->1785 1786 4f3a9ba-4f3a9c4 1768->1786 1769->1748 1770->1748 1771->1748 1772->1748 1781 4f3acaf-4f3acf0 1776->1781 1777->1781 1781->1748 1787 4f3a9c7-4f3aa0a 1785->1787 1786->1787 1794 4f3aa30-4f3aa37 1787->1794 1795 4f3aa0c-4f3aa28 1787->1795 1795->1794
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $4'sq$pwq
                                          • API String ID: 0-1852079757
                                          • Opcode ID: 7092c68602a7e51f46ba12540815a1b996f4b70812e855a516d74d76877feaef
                                          • Instruction ID: a66d62041cbc67fb32ffda61849cb280b29056af5f7cdd8f760397fea6997e35
                                          • Opcode Fuzzy Hash: 7092c68602a7e51f46ba12540815a1b996f4b70812e855a516d74d76877feaef
                                          • Instruction Fuzzy Hash: 4941F471A002059FCB58DFB9C8807AEBBB6FFC8304F148928D049A7755EF71A906D7A1
                                          Function 04F35AA9 Relevance: 3.0, Strings: 2, Instructions: 515COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2371 4f35aa9-4f35ace 2372 4f35ad0-4f35add 2371->2372 2373 4f35adf-4f35ae8 2371->2373 2372->2373 2374 4f35aeb-4f35af8 2372->2374 2375 4f35b03 2374->2375 2376 4f35afa-4f35b01 2374->2376 2377 4f35b0a-4f35b34 2375->2377 2376->2377 2378 4f35b36 2377->2378 2379 4f35b3d-4f35b42 call 4f35788 2377->2379 2378->2379 2381 4f35b47-4f35b50 2379->2381 2382 4f35b56-4f35b69 2381->2382 2383 4f35c94-4f35c9b 2381->2383 2393 4f35b77-4f35b91 2382->2393 2394 4f35b6b-4f35b72 2382->2394 2384 4f35ca1-4f35cb6 2383->2384 2385 4f35f35-4f35f3c 2383->2385 2399 4f35cd6-4f35cdc 2384->2399 2400 4f35cb8-4f35cba 2384->2400 2386 4f35fab-4f35fb2 2385->2386 2387 4f35f3e-4f35f47 2385->2387 2389 4f35fb8-4f35fc1 2386->2389 2390 4f3604e-4f36055 2386->2390 2387->2386 2392 4f35f49-4f35f5c 2387->2392 2389->2390 2396 4f35fc7-4f35fda 2389->2396 2397 4f36071-4f36077 2390->2397 2398 4f36057-4f36068 2390->2398 2392->2386 2416 4f35f5e-4f35fa3 call 4f32ce0 2392->2416 2411 4f35b93-4f35b96 2393->2411 2412 4f35b98-4f35ba5 2393->2412 2395 4f35c8d 2394->2395 2395->2383 2419 4f35fed-4f35ff1 2396->2419 2420 4f35fdc-4f35feb 2396->2420 2406 4f36089-4f36092 2397->2406 2407 4f36079-4f3607f 2397->2407 2398->2397 2421 4f3606a 2398->2421 2401 4f35ce2-4f35ce4 2399->2401 2402 4f35da4-4f35da8 2399->2402 2400->2399 2404 4f35cbc-4f35cd3 2400->2404 2401->2402 2410 4f35cea-4f35d6b call 4f32ce0 * 4 2401->2410 2402->2385 2413 4f35dae-4f35db0 2402->2413 2404->2399 2408 4f36081-4f36087 2407->2408 2409 4f36095-4f3610a 2407->2409 2408->2406 2408->2409 2490 4f36118 2409->2490 2491 4f3610c-4f36116 2409->2491 2482 4f35d82-4f35da1 call 4f32ce0 2410->2482 2483 4f35d6d-4f35d7f call 4f32ce0 2410->2483 2417 4f35ba7-4f35bbb 2411->2417 2412->2417 2413->2385 2418 4f35db6-4f35dbf 2413->2418 2416->2386 2452 4f35fa5-4f35fa8 2416->2452 2417->2395 2451 4f35bc1-4f35c15 2417->2451 2426 4f35f12-4f35f18 2418->2426 2427 4f35ff3-4f35ff5 2419->2427 2428 4f36011-4f36013 2419->2428 2420->2419 2421->2397 2431 4f35f2b 2426->2431 2432 4f35f1a-4f35f29 2426->2432 2427->2428 2435 4f35ff7-4f3600e 2427->2435 2428->2390 2430 4f36015-4f3601b 2428->2430 2430->2390 2437 4f3601d-4f3604b 2430->2437 2440 4f35f2d-4f35f2f 2431->2440 2432->2440 2435->2428 2437->2390 2440->2385 2444 4f35dc4-4f35dd2 call 4f344b0 2440->2444 2458 4f35dd4-4f35dda 2444->2458 2459 4f35dea-4f35e04 2444->2459 2493 4f35c23-4f35c27 2451->2493 2494 4f35c17-4f35c19 2451->2494 2452->2386 2462 4f35dde-4f35de0 2458->2462 2463 4f35ddc 2458->2463 2459->2426 2468 4f35e0a-4f35e0e 2459->2468 2462->2459 2463->2459 2470 4f35e10-4f35e19 2468->2470 2471 4f35e2f 2468->2471 2474 4f35e20-4f35e23 2470->2474 2475 4f35e1b-4f35e1e 2470->2475 2476 4f35e32-4f35e4c 2471->2476 2480 4f35e2d 2474->2480 2475->2480 2476->2426 2498 4f35e52-4f35ed3 call 4f32ce0 * 4 2476->2498 2480->2476 2482->2402 2483->2482 2496 4f3611d-4f3611f 2490->2496 2491->2496 2493->2395 2497 4f35c29-4f35c41 2493->2497 2494->2493 2499 4f36121-4f36124 2496->2499 2500 4f36126-4f3612b 2496->2500 2497->2395 2504 4f35c43-4f35c4f 2497->2504 2524 4f35ed5-4f35ee7 call 4f32ce0 2498->2524 2525 4f35eea-4f35f10 call 4f32ce0 2498->2525 2502 4f36131-4f3615e 2499->2502 2500->2502 2507 4f35c51-4f35c54 2504->2507 2508 4f35c5e-4f35c64 2504->2508 2507->2508 2509 4f35c66-4f35c69 2508->2509 2510 4f35c6c-4f35c75 2508->2510 2509->2510 2512 4f35c77-4f35c7a 2510->2512 2513 4f35c84-4f35c8a 2510->2513 2512->2513 2513->2395 2524->2525 2525->2385 2525->2426
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $sq$$sq
                                          • API String ID: 0-1184984226
                                          • Opcode ID: 91b59251d9a27f2277bb0898cb5daf72e43558600cf6f87b10ce06349818c646
                                          • Instruction ID: 923355d109302e030173ef7e08474db25953f7f4ee4d11c91959925804f44e72
                                          • Opcode Fuzzy Hash: 91b59251d9a27f2277bb0898cb5daf72e43558600cf6f87b10ce06349818c646
                                          • Instruction Fuzzy Hash: AA229F30E001199FDB15DFA4C954AAEBBB1FF88706F148455E801AB394EB39AD46DFA0
                                          Function 04BB29D0 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133351410.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4bb0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq
                                          • API String ID: 0-780347173
                                          • Opcode ID: 2cf7a6043485e41f91dacd0c452e018521998fd5dc55d75d8974de457cb9f491
                                          • Instruction ID: abe7ad54613700043e5f2c3e72986a58ee232337d699a4c7ae2f2ea2860cab1f
                                          • Opcode Fuzzy Hash: 2cf7a6043485e41f91dacd0c452e018521998fd5dc55d75d8974de457cb9f491
                                          • Instruction Fuzzy Hash: 92F1F434E01218DFCB28DFA5D5986ECBBB2FF49315F2081A9E846A7351DB756982CF40
                                          Function 04BB26A8 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133351410.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4bb0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq
                                          • API String ID: 0-780347173
                                          • Opcode ID: 5c7464b9aea7d8a53d0cb0fc1635a16cae854e2ab7ef0d9825fd05d522e7988d
                                          • Instruction ID: 8a8c4b0a3e29c8bf9534905c9165cb7311f07b085dde1f29138edd1278b1616b
                                          • Opcode Fuzzy Hash: 5c7464b9aea7d8a53d0cb0fc1635a16cae854e2ab7ef0d9825fd05d522e7988d
                                          • Instruction Fuzzy Hash: 33A1E134E01209CFDB18DFA5D5586EEB7B2FF49305F1080A9D892A7350CB796986CF91
                                          Function 04F350D8 Relevance: 2.7, Strings: 2, Instructions: 152COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$Hwq
                                          • API String ID: 0-584953801
                                          • Opcode ID: 9b4ac84cb8dd519d86f82eb8c8478a9f450b6a5c83381428385395a631da3de5
                                          • Instruction ID: add2b36c8da77d12f662fb8682d02ad98c8482707074d1c3258ae11607380284
                                          • Opcode Fuzzy Hash: 9b4ac84cb8dd519d86f82eb8c8478a9f450b6a5c83381428385395a631da3de5
                                          • Instruction Fuzzy Hash: C25187307006158FDB69AF68C86456EBBB6EFD9304B50846CD906DB3A1CF39ED06CB91
                                          Function 04F37699 Relevance: 2.6, Strings: 2, Instructions: 143COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$(wq
                                          • API String ID: 0-707371155
                                          • Opcode ID: b33cd242658abb10de221d2b62967997248e47fe2cfbd299f9b75fe455d7dc3c
                                          • Instruction ID: dc5fd9ba968a2a04810c5d26ac2eb8a983fe57859945a5ad6ee27559767b8a8c
                                          • Opcode Fuzzy Hash: b33cd242658abb10de221d2b62967997248e47fe2cfbd299f9b75fe455d7dc3c
                                          • Instruction Fuzzy Hash: 3E418B317042159FEB59AF69D854AAE7BE6FF88305F108069E805CB391CF39ED42CB91
                                          Function 04ED0A98 Relevance: 2.6, Strings: 2, Instructions: 80COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: O$c
                                          • API String ID: 0-2715075243
                                          • Opcode ID: d8b53c1db372819800ec214eb8986153c013e488a1d7efc6b6d8b1a0ba16ca3b
                                          • Instruction ID: 33a91ff8bdb7458fb50e0d3cc92c143c79d7af4d9b6e8383f0101472b5ac3261
                                          • Opcode Fuzzy Hash: d8b53c1db372819800ec214eb8986153c013e488a1d7efc6b6d8b1a0ba16ca3b
                                          • Instruction Fuzzy Hash: C241E374A04228DFDB61EF20D884B9DB7B1FB48304F0096EAD50AA7290DB706E86DF41
                                          Function 04BB13A5 Relevance: 2.3, Strings: 1, Instructions: 1021COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133351410.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4bb0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 4caabede11becb637ac889c444b8ab6f833d7fb0d9fcc28e7be1d27422be6e1b
                                          • Instruction ID: cc08b05f540b0bb9c3f7cb63c33aa3f408915dffeb7c56c4be9edbb7917f7370
                                          • Opcode Fuzzy Hash: 4caabede11becb637ac889c444b8ab6f833d7fb0d9fcc28e7be1d27422be6e1b
                                          • Instruction Fuzzy Hash: D5924EB154A3849FD7178BB8CD68B993F75AF02340F1941DBE280DB2E3C6B85949C762
                                          Function 04F3C140 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,wq
                                          • API String ID: 0-2764286452
                                          • Opcode ID: abb3650f60edb72e39fafebff6fa5f8a42b77a94e484c76d55385322b8c97a71
                                          • Instruction ID: ab0a8a9e55e5cb8977550dcd4961b53a399143d0826038d3a6518232c1e662c5
                                          • Opcode Fuzzy Hash: abb3650f60edb72e39fafebff6fa5f8a42b77a94e484c76d55385322b8c97a71
                                          • Instruction Fuzzy Hash: 1852F975A002288FDB64DF68C991BDDBBF6FB88300F1581D9E549A7351DA30AE81CF61
                                          Function 04F36680 Relevance: 1.8, Strings: 1, Instructions: 534COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (_sq
                                          • API String ID: 0-3300063
                                          • Opcode ID: 02e6b6e1c86e329a3fa2ecc8a9afc3cb4bb8328122a534f6856fe6b8628c4e67
                                          • Instruction ID: a8594a8f57214875a3de1478279a747c12be3e3c2708412fcbb748917ced2fbd
                                          • Opcode Fuzzy Hash: 02e6b6e1c86e329a3fa2ecc8a9afc3cb4bb8328122a534f6856fe6b8628c4e67
                                          • Instruction Fuzzy Hash: E1226E75B00204AFEB24DF68D890A6DB7B2FF88315F148059E905EB3A5DB75ED42CB50
                                          Function 05032180 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 050323E7
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135524742.0000000005030000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: true
                                          • Associated: 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4fe0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 6a0f3a2f6068b9eb0062b80806b05f81d939b91cd9f7744ee3350dd1ba989d6e
                                          • Instruction ID: 891474bd635d650e9f1ed7c62435183b4363310c1b8e2591048dc2d54c43d06b
                                          • Opcode Fuzzy Hash: 6a0f3a2f6068b9eb0062b80806b05f81d939b91cd9f7744ee3350dd1ba989d6e
                                          • Instruction Fuzzy Hash: 62A102B4D00219DFDF20CFA9D886BEEBBF5BB09300F109169E859A7240DB748985CF45
                                          Function 04F3CFA1 Relevance: 1.7, Strings: 1, Instructions: 460COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $sq
                                          • API String ID: 0-923501781
                                          • Opcode ID: 9323ed0be04ec09250ce522709c1861b1ad1422595b72c40e1ee66c0516718e1
                                          • Instruction ID: d930c315c9a4b06371c3ebaf825aaf89a796b1fc884c445bf211dd57833dc932
                                          • Opcode Fuzzy Hash: 9323ed0be04ec09250ce522709c1861b1ad1422595b72c40e1ee66c0516718e1
                                          • Instruction Fuzzy Hash: C4F10271B046428FE715AF68C85166E7BB2EF84311F248439E592DB3D2EA38ED47C712
                                          Function 04F8705E Relevance: 1.7, APIs: 1, Instructions: 174fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CopyFileA.KERNEL32(?,?,?), ref: 04F871E3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          • Opcode ID: ff196eb092155d92c951c70b6c1ce941fd04babebc39948be844118a17bcdcfd
                                          • Instruction ID: fd6f84b097dfa284aae8250a62db6ed74fef9e5cc0ca50597603bb0fd6e2d8d6
                                          • Opcode Fuzzy Hash: ff196eb092155d92c951c70b6c1ce941fd04babebc39948be844118a17bcdcfd
                                          • Instruction Fuzzy Hash: A46104B0D002199FDF10EFA9C8857EEBBF1BB49314F249129E815AB290DB749986CF41
                                          Function 04F87068 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CopyFileA.KERNEL32(?,?,?), ref: 04F871E3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          • Opcode ID: 1e18c43c4665a8b053eef50abf75d0dbcbb4180d8a563fbfb055272b104b05ac
                                          • Instruction ID: f1c9dee2318b65c004c7e805dd10224087f536528d60f95b817e612a068d8e1d
                                          • Opcode Fuzzy Hash: 1e18c43c4665a8b053eef50abf75d0dbcbb4180d8a563fbfb055272b104b05ac
                                          • Instruction Fuzzy Hash: F5611570D003599FDF20EFA9CC857AEBBF1BB49314F249129E815AB290DB749986CF41
                                          Function 050333D0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 050334A3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135524742.0000000005030000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: true
                                          • Associated: 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4fe0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 9a59a0a895e4edb73d55713de810aac2c420ab01b22205d34c7fda88a45d1271
                                          • Instruction ID: bca3148c4c67d733c474770e0641f09f5ac9c436e4dcd7236be808212385fb71
                                          • Opcode Fuzzy Hash: 9a59a0a895e4edb73d55713de810aac2c420ab01b22205d34c7fda88a45d1271
                                          • Instruction Fuzzy Hash: 8641BAB4D012589FCF00CFA9D985ADEFBF5BB49310F24942AE819B7210D738AA45CF64
                                          Function 04F6CED0 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04F6CF7C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 3e6a7f8ebd7bac0a7d9abe89a2caa344b319a1df1b0619bfad891e1686147afc
                                          • Instruction ID: 994d171619d609c840c8e6f7b34604a92431f402537267066636fc1679cc6346
                                          • Opcode Fuzzy Hash: 3e6a7f8ebd7bac0a7d9abe89a2caa344b319a1df1b0619bfad891e1686147afc
                                          • Instruction Fuzzy Hash: A431EEB5D012589FCF10CFAAD880ADEFBB1BF09320F24902AE855B7210D735A946CF54
                                          Function 050330D0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0503317A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135524742.0000000005030000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: true
                                          • Associated: 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4fe0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 342eb868729dde0463bef6d10071f522f85fb487e7a5b3bfde47a7428bdc1380
                                          • Instruction ID: b3f22ec1ab63e2294d4c157447478c0535fe3bcbe538085d383ac6bb4e88e7ec
                                          • Opcode Fuzzy Hash: 342eb868729dde0463bef6d10071f522f85fb487e7a5b3bfde47a7428bdc1380
                                          • Instruction Fuzzy Hash: D631A8B8D002589FCF10CFA9D981ADEFBB5BB49320F14A42AE815B7310D735A901CF54
                                          Function 04F6CED8 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04F6CF7C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 1165eaac8220d0bf75817c6baf2377cbb1dd10a7e13bfef950e2c241ed3c89a3
                                          • Instruction ID: ea12719cd092b89741e71b5b419b1447fe6e45a17cfc230543903fb30025772e
                                          • Opcode Fuzzy Hash: 1165eaac8220d0bf75817c6baf2377cbb1dd10a7e13bfef950e2c241ed3c89a3
                                          • Instruction Fuzzy Hash: 0F31CAB5D002589FCF10CFAAD984AEEFBB1AB49320F24902AE855B7210D735A945CF64
                                          Function 023AF548 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 023AF5EC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2126059143.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_23a0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 7e899fb999bff5f60ae89dad509311aa14b9c9bc36e7c5f4f21b90b8b34be520
                                          • Instruction ID: 8520c88484a1bef23aade399d9457ecfd7f35def3bca1fb0c940804a2deace22
                                          • Opcode Fuzzy Hash: 7e899fb999bff5f60ae89dad509311aa14b9c9bc36e7c5f4f21b90b8b34be520
                                          • Instruction Fuzzy Hash: 2B3198B8D012489FCF10CFA9D984A9EFBB5FB49310F24942AE815B7310D775A945CF54
                                          Function 05032A30 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05032ADF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135524742.0000000005030000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: true
                                          • Associated: 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4fe0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 36986a2ffa0a819049b482210f1b1c89110eff1d767366422466a266062b3979
                                          • Instruction ID: b174ddbb341c6c88c789de541f8e8a08b0beaa1a8c613260ce181f0d713fba24
                                          • Opcode Fuzzy Hash: 36986a2ffa0a819049b482210f1b1c89110eff1d767366422466a266062b3979
                                          • Instruction Fuzzy Hash: 2C31CBB4D002599FCB10CFAAD985AEEFBF5BF48310F24802AE419B7240C778A945CF54
                                          Function 04F6BD89 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 0dcc655910bfd9f5e69b339caf3dab8d9de3cd1a0c830ba4c3173a6a833fd4e2
                                          • Instruction ID: 9303b43d33141c476f953951332cb9aaa4821193ac48e7c186507eaed1578185
                                          • Opcode Fuzzy Hash: 0dcc655910bfd9f5e69b339caf3dab8d9de3cd1a0c830ba4c3173a6a833fd4e2
                                          • Instruction Fuzzy Hash: 5631DBB5D012189FCF10CFA9D980ADEFBF1AB59320F10942AE815B7300D739A946CF54
                                          Function 04F6BD90 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: e31e7d1a1d680dfd0e447595cd0822adf4e7fb9385fa8c0e49f3dbffa06bb29a
                                          • Instruction ID: 6c1b77d79717336dac68b4608063116866e04a0e8bb0befea76b084935956f51
                                          • Opcode Fuzzy Hash: e31e7d1a1d680dfd0e447595cd0822adf4e7fb9385fa8c0e49f3dbffa06bb29a
                                          • Instruction Fuzzy Hash: F431CAB5D012189FCF10CFAAD980AAEFBF5AB59310F24942AE815B7340D735A945CF94
                                          Function 04F3C139 Relevance: 1.5, Strings: 1, Instructions: 283COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,wq
                                          • API String ID: 0-2764286452
                                          • Opcode ID: d5f9045da78bc55b5f644215d3c14de005585729f242d5e0d9fa1078554492ca
                                          • Instruction ID: cc176dd50acd657562b4862aa5a1b050a2d427d96f5e650086859e2f8e94ba96
                                          • Opcode Fuzzy Hash: d5f9045da78bc55b5f644215d3c14de005585729f242d5e0d9fa1078554492ca
                                          • Instruction Fuzzy Hash: 43C13FB5A101188FDB14DB68C995BDDBBF6FF88700F158099E609A7391CA31ED81CF61
                                          Function 04F3EA61 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: c056a9fc283f8d257223e04a6382f08f2f4ed668c80ffc49301f4bf181fc6087
                                          • Instruction ID: 9b6665898787c500a6d4899352579e1fcd3b3e5d0a3651f7aae6819ace767b22
                                          • Opcode Fuzzy Hash: c056a9fc283f8d257223e04a6382f08f2f4ed668c80ffc49301f4bf181fc6087
                                          • Instruction Fuzzy Hash: 2D714D30B002149FEB15DBA4C894BAE77B2FF88705F108458E506AB395DF71EC42CB91
                                          Function 04F3EEF8 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: e74616a93046cd184d583e730f6b351b0df778c59db856847b9a55dc0b962515
                                          • Instruction ID: 6de4b9832e488d974a42a0c4cbebad556e08120f1f8b945ae4483714cd90c468
                                          • Opcode Fuzzy Hash: e74616a93046cd184d583e730f6b351b0df778c59db856847b9a55dc0b962515
                                          • Instruction Fuzzy Hash: F541B230F106148FDB14EB68C8A4A6EB7B6EFC8705F104129D406AB3A5DF75BC078B92
                                          Function 04F3D630 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq
                                          • API String ID: 0-1062398946
                                          • Opcode ID: 039262b958ce6d144dd544aed5410ec2f5f1b18d9e1004e0e2b35ef2762f9f69
                                          • Instruction ID: a2b7804149ea5bebc9ee449acf4a88374d0a216f8753a349902c1c185372d878
                                          • Opcode Fuzzy Hash: 039262b958ce6d144dd544aed5410ec2f5f1b18d9e1004e0e2b35ef2762f9f69
                                          • Instruction Fuzzy Hash: 1D41BF317041548FDB58AF39C864A6E3BE6BFC9711B158069E51ACB3A1CE34ED02CBA1
                                          Function 04F30F40 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: pwq
                                          • API String ID: 0-3750715768
                                          • Opcode ID: 434532bae7e6c7981311beae225e688b400f253c916b27010e857c9297413a7c
                                          • Instruction ID: 35ada31f8d614ca0c2b934fae045c00f19e1802a7565b60cc53ebb5dd74b6c82
                                          • Opcode Fuzzy Hash: 434532bae7e6c7981311beae225e688b400f253c916b27010e857c9297413a7c
                                          • Instruction Fuzzy Hash: 4E41C776600110AFCB4A9FA8D954D59BFB7FF8C31471A8094E2099B372DB32DC22EB51
                                          Function 04F31EF1 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq
                                          • API String ID: 0-1062398946
                                          • Opcode ID: bceb2f51e9f7b7d6848f776d9e3b151d5643fd98b73419c121402f6485715add
                                          • Instruction ID: f45e9a2af4811cc2b589296224289e58dbbb0001359a7444ec5977370cf1e293
                                          • Opcode Fuzzy Hash: bceb2f51e9f7b7d6848f776d9e3b151d5643fd98b73419c121402f6485715add
                                          • Instruction Fuzzy Hash: C141B235A00616CFCB10CF68C58496AFBB1FF49325B198695E5699B392C730FD52CBC1
                                          Function 04F3E910 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: b318cc433f5bfac5d975a406b769d9967b44acc2b22dbbd9ab10e78020bb8e8f
                                          • Instruction ID: 350488811dcdef78776a6dc54d8be898029a78858c0b3a1b92403a039a7db47a
                                          • Opcode Fuzzy Hash: b318cc433f5bfac5d975a406b769d9967b44acc2b22dbbd9ab10e78020bb8e8f
                                          • Instruction Fuzzy Hash: 0F314D717006109FD318DB69C9A5F2B77E6AFCC715F104468E60A8B3A6DE71EC42CB91
                                          Function 04F3A2D0 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 6ead8eb305b9d973daf11d644aba875aa8ec3f38cb0dbdfa7e18e7bf34713a3a
                                          • Instruction ID: 106ede3b366fa49c5c1a21bf008b484f016ba4e519c41cf457462eb0204f3d6c
                                          • Opcode Fuzzy Hash: 6ead8eb305b9d973daf11d644aba875aa8ec3f38cb0dbdfa7e18e7bf34713a3a
                                          • Instruction Fuzzy Hash: B831D532B005049FDF159F95D994999BBB2FF9C311B1444A9EA099B372DB32EC06CB50
                                          Function 04B906D9 Relevance: 1.3, APIs: 1, Instructions: 95memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04B9077F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 63dbdde3494fd8b39c677c5440c934db22055e88bbf90c7fe785109c180ddaf4
                                          • Instruction ID: 5bba1c0a3e1381f123e25cd7905859226875475cf50129675a35332aba5fd081
                                          • Opcode Fuzzy Hash: 63dbdde3494fd8b39c677c5440c934db22055e88bbf90c7fe785109c180ddaf4
                                          • Instruction Fuzzy Hash: F331A8B9D052489FCF10CFA9D880A9EFBF1AF59320F24942AE825B7310C775A945CF54
                                          Function 04B906E0 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04B9077F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: c2c82648aaecfb57956b8eba74c94f14b0e20b12d227bdab29c9c13d26befbad
                                          • Instruction ID: cd4bdd3a2aefa0bb5f69a854df25a592361bdb606c71ed56182bbb1be99b9275
                                          • Opcode Fuzzy Hash: c2c82648aaecfb57956b8eba74c94f14b0e20b12d227bdab29c9c13d26befbad
                                          • Instruction Fuzzy Hash: C731A7B9D002489FCF10CFA9D880A9EFBF5AB59320F20942AE824B7310D735A945CF94
                                          Function 04F359E0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: p<sq
                                          • API String ID: 0-1142556907
                                          • Opcode ID: 7353fdd505b836b26cf8eb7a620f6a9b8d9624c3e66cfb6a6b7597769f5f7c13
                                          • Instruction ID: 8cfb7ace9cbbda2a849c36370da5b86366df572c1647a095f6f31b0ba9a8f93e
                                          • Opcode Fuzzy Hash: 7353fdd505b836b26cf8eb7a620f6a9b8d9624c3e66cfb6a6b7597769f5f7c13
                                          • Instruction Fuzzy Hash: 98213A71304154AFCF11CF2AC880AAA7BE9AF89312B058095FC45CB361DA35EC52DB61
                                          Function 04B907E8 Relevance: 1.3, APIs: 1, Instructions: 63memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04B9077F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 89ce1712a16dc80d2261817d6faff44f2d8e9f25f3f566fcc493e0ca5b6e5f9e
                                          • Instruction ID: 2f90c7ca5df30e29a715b4c294b4aaba64217fab4de65c3179d42e3b6606c645
                                          • Opcode Fuzzy Hash: 89ce1712a16dc80d2261817d6faff44f2d8e9f25f3f566fcc493e0ca5b6e5f9e
                                          • Instruction Fuzzy Hash: 1B113276D062089FCF10DFA8E580BDDFFF0AF49320F2480AAE415B3221C6356984CB40
                                          Function 04ED1D1D Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 6
                                          • API String ID: 0-498629140
                                          • Opcode ID: bc43329a67e0cc9d84449b100ca12ba1dd5a0b4aedce25ccb0657d07e05f025d
                                          • Instruction ID: c85b3389e74a3ff9c1318f2cf6dbbd89901fe9995584034c29c97675118ff98e
                                          • Opcode Fuzzy Hash: bc43329a67e0cc9d84449b100ca12ba1dd5a0b4aedce25ccb0657d07e05f025d
                                          • Instruction Fuzzy Hash: EFF07470D12228DFEB15DF95E484A8DBBF4FF48304F405699E505B3290D7346942CF01
                                          Function 051D0A97 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ?
                                          • API String ID: 0-1684325040
                                          • Opcode ID: 5924a3c1cd2cb0d77ea321f447f424c7caef04f35cb063063a967860f48ecc6e
                                          • Instruction ID: 9ea29d8d9c91f8147ceb9b4c904e524840af08cbc74b9d28f4c09c2490038fa1
                                          • Opcode Fuzzy Hash: 5924a3c1cd2cb0d77ea321f447f424c7caef04f35cb063063a967860f48ecc6e
                                          • Instruction Fuzzy Hash: BDE0CD71A401258FD7A5EA54C51CB57B375EF4A301F1100954515972D0EEB84D45CBA2
                                          Function 04ED03D7 Relevance: 1.3, Strings: 1, Instructions: 12COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ?
                                          • API String ID: 0-1684325040
                                          • Opcode ID: 2a075161d6297f0ff5f7d8430f95635c4ee37b348351e578392f65e9bcae604d
                                          • Instruction ID: bbce1148e5b39993e1ac234c09e6fa411689d08d11a80f96321708d128c5ffaf
                                          • Opcode Fuzzy Hash: 2a075161d6297f0ff5f7d8430f95635c4ee37b348351e578392f65e9bcae604d
                                          • Instruction Fuzzy Hash: 7AD04274E02229DFCB26DF60D640AADB7B6BF45204F102199E40576251D7715E45DF01
                                          Function 04F3F148 Relevance: .4, Instructions: 437COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91bdc4b22e83cbb8a5c4ff46ad57faa6616df993fc33e707ea4264ff59b6483c
                                          • Instruction ID: 39cd60e10cd527c02c6d06f476f6fa882ae231f5bc8704dcc7491eb98bdb0b4b
                                          • Opcode Fuzzy Hash: 91bdc4b22e83cbb8a5c4ff46ad57faa6616df993fc33e707ea4264ff59b6483c
                                          • Instruction Fuzzy Hash: B412E634A002198FDB14EF64C994B9DB7B2BF89305F5085A8D44AAB366DF31ED86CF50
                                          Function 04F32208 Relevance: .2, Instructions: 240COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d1b5e0c84f4c0d28bda850599f997bb7e00060a2f651cb97472e4e0b11642e37
                                          • Instruction ID: 9acacf33f986d8710e12f2e32e9d77b425035b74565d44a25f0c10a9a46cf1e7
                                          • Opcode Fuzzy Hash: d1b5e0c84f4c0d28bda850599f997bb7e00060a2f651cb97472e4e0b11642e37
                                          • Instruction Fuzzy Hash: 81919D35B012059FDB14CFA8D954AADBBF2FF88302F1584A9E9019B391CB36ED42CB50
                                          Function 04F37B68 Relevance: .2, Instructions: 208COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6661c9e02873aa6b2add10a65c04781b21a2a3494f0f2c3b9e3a5e3a5a5eaa31
                                          • Instruction ID: 1e027017d1820a77682e55df0b9ed6b265be73d38d827a0e2e6b75b1b6f94745
                                          • Opcode Fuzzy Hash: 6661c9e02873aa6b2add10a65c04781b21a2a3494f0f2c3b9e3a5e3a5a5eaa31
                                          • Instruction Fuzzy Hash: A18118B5A00218CFCB14EF68C58499EBBF5FF48751B1585AAE8169B361DB30FD42CB90
                                          Function 051E9B78 Relevance: .2, Instructions: 158COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5fd188619f01384b367464bb1bfec15503a01deca039f18a2475c08b93acc626
                                          • Instruction ID: 991b4f53c35534eb7945647abb420dcee298c7d00f7ec093ddf18068394d165d
                                          • Opcode Fuzzy Hash: 5fd188619f01384b367464bb1bfec15503a01deca039f18a2475c08b93acc626
                                          • Instruction Fuzzy Hash: 7D61B1B4E01618CFDB58DFA9D884AEEBBF6FF89301F10842AD419A7254DB745945CF80
                                          Function 04F3AE38 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d7f9c7976688f841ec28b990c3c747a13b892ae7c63844be27839862a49d5b7
                                          • Instruction ID: 5f202a933e2526e53b5c55dec80aa0eb8a196ca240a27a37c30d798a0d04a771
                                          • Opcode Fuzzy Hash: 7d7f9c7976688f841ec28b990c3c747a13b892ae7c63844be27839862a49d5b7
                                          • Instruction Fuzzy Hash: BB517F34B005099FDB14DF64E4A8AAEBBB6FF88702F008119E50697360DF35AD46CF91
                                          Function 04ED74F0 Relevance: .1, Instructions: 114COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 843340869c2f9f88a48639c9323e3660aca58e24d3bd1d421b0c4755417418b2
                                          • Instruction ID: a739596968d225c3a5502f17a28fa5d13f3e008c0f68523a1683e7a0ee46f4d0
                                          • Opcode Fuzzy Hash: 843340869c2f9f88a48639c9323e3660aca58e24d3bd1d421b0c4755417418b2
                                          • Instruction Fuzzy Hash: D251C4B0E01208DFDB18DFB9D954ADDBBB2BF88304F20942AE415AB365DB359942CF40
                                          Function 04F3DA10 Relevance: .1, Instructions: 103COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96a3da6d6b15653c7566ba07bd2ac4bbaa95ef8c9a9b51c35cdf705896535fe6
                                          • Instruction ID: 7a19375a37b8fac227e3ee2512bacec647b51bc5eaec36239f46b19c1cec2637
                                          • Opcode Fuzzy Hash: 96a3da6d6b15653c7566ba07bd2ac4bbaa95ef8c9a9b51c35cdf705896535fe6
                                          • Instruction Fuzzy Hash: C3310636A00108DFCB05DF68D998E99BBB2FF88321F1640A8E5099B372D731ED56DB40
                                          Function 04F32AB9 Relevance: .1, Instructions: 100COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e0069db9511113f02cab5e89dd4d35db82357f515530b3322f319ae9fcf5f03
                                          • Instruction ID: 576f378068e4f459ecd80fd13a6fc25310d2e74d257dd5c72091b7def19ce528
                                          • Opcode Fuzzy Hash: 7e0069db9511113f02cab5e89dd4d35db82357f515530b3322f319ae9fcf5f03
                                          • Instruction Fuzzy Hash: 39419F31E002158FDB54DF65C944AAFBBB1FF88302F0184AAD415E7265E735E946CBA0
                                          Function 04EDF970 Relevance: .1, Instructions: 97COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1e2fc8c3531f106d181d9ad22dea9f59d45d006a9a960d1a6fa48d0108ec1e67
                                          • Instruction ID: 78437276c959621e351aca386efb51cff99f6a670e5aa5806eb8c5fd3178594f
                                          • Opcode Fuzzy Hash: 1e2fc8c3531f106d181d9ad22dea9f59d45d006a9a960d1a6fa48d0108ec1e67
                                          • Instruction Fuzzy Hash: CD41E474E04208DBDB44DFAAD844AEEBBF6FB88304F10D065D416A7358E774A946CF91
                                          Function 04EDDF69 Relevance: .1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8ff6740a0b6339fd43c4ecbb732c1e6b322117e2dcc4385d6290966165c1f652
                                          • Instruction ID: a1a5ac31921f6c8967a7cabf8f96258f62fcd79c380d3fd8a9796e4d42a363e5
                                          • Opcode Fuzzy Hash: 8ff6740a0b6339fd43c4ecbb732c1e6b322117e2dcc4385d6290966165c1f652
                                          • Instruction Fuzzy Hash: 94312CB1E012089FCB05DFA9D850AEEBBB6FF88310F14806AE545B7360EB315946CF91
                                          Function 04F3BBD8 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8235da1f0cb9588e6cde6b6001be6bd5d1025910c69ce8567e965061d94d5076
                                          • Instruction ID: 48bba4796276b9c90531a18898d9f31641c98e3a56ee3e1e17e36be1147faad0
                                          • Opcode Fuzzy Hash: 8235da1f0cb9588e6cde6b6001be6bd5d1025910c69ce8567e965061d94d5076
                                          • Instruction Fuzzy Hash: DA21F5313096048FE7348B69E890A66BBA5EB81755B05847AE05DC7652CF31FC46C750
                                          Function 04F34F40 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cc26880ddd1aa5f93246e14425ca8e959280f4892e48816097fc089e59c20ab2
                                          • Instruction ID: 8513d2e1f943ae91e58d5e6dfdb7592d49c0bafc0ce334a6efbb8e8bfc940614
                                          • Opcode Fuzzy Hash: cc26880ddd1aa5f93246e14425ca8e959280f4892e48816097fc089e59c20ab2
                                          • Instruction Fuzzy Hash: AC217C72E00209DFDB10DFB8C504BAEBBF4AF48341F148066E919DB290E734EA56DB91
                                          Function 0081D01C Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2125702182.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_81d000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 359327693349b46808c52456034aa0a8acb9083fc74d286dc21b8c8ec52533b2
                                          • Instruction ID: 1a9a5f5d0f343b25a696876a86f843e314329e57fd81bf5a97a7e53c8a5ef5f2
                                          • Opcode Fuzzy Hash: 359327693349b46808c52456034aa0a8acb9083fc74d286dc21b8c8ec52533b2
                                          • Instruction Fuzzy Hash: C62103B2504B44DFCB14DF14D9C4B66BB69FF88314F24C569E9098B242C33AD886DAA2
                                          Function 04F39070 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dcbcc1e125cbe18d1a491509780936da298de3d6f09c462dfdd77cacb9ab9204
                                          • Instruction ID: 57da0af9daa6b81b79e66a245dd164c76fd1b1c8d15aa4b2152179ba124ab3b9
                                          • Opcode Fuzzy Hash: dcbcc1e125cbe18d1a491509780936da298de3d6f09c462dfdd77cacb9ab9204
                                          • Instruction Fuzzy Hash: 1C21E871A001098FDB14DF54C994ADDB7F2FF88305F1145A5E405BB3A1DBB6AD45CBA0
                                          Function 04ED7B70 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2446230207241cd8a76dae4fdf2503e6be788fa1236a565c8e22ad0732e49d46
                                          • Instruction ID: 898fb96c7d2e695bddd7e472e14280244d625d3457baf0a94b1c81717667c422
                                          • Opcode Fuzzy Hash: 2446230207241cd8a76dae4fdf2503e6be788fa1236a565c8e22ad0732e49d46
                                          • Instruction Fuzzy Hash: DC213DB4E04209DFCB04DFA9D4446AEBBB6FF89300F10E5A5D815A7250E734AA82DF90
                                          Function 04F3128F Relevance: .1, Instructions: 67COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b54438289819d5e9c2be3136ee59b27086df2fd3b4ef2fef0eea94edaea3236
                                          • Instruction ID: ebf0ea60a55c4a9ce9d14b0aba56da0ecd5abb77cf317eff4dbd9d8c699d6a0d
                                          • Opcode Fuzzy Hash: 6b54438289819d5e9c2be3136ee59b27086df2fd3b4ef2fef0eea94edaea3236
                                          • Instruction Fuzzy Hash: B0217F31A00219DFCB14DFA8C5A49DEBBB2EF8C320F148169E415A7390DA369C82CF90
                                          Function 04F32AB8 Relevance: .1, Instructions: 67COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01a2c24043ffa722cff64fc4a7af56b81162ac62ac1ab7bb7f79de5beb1ad8ad
                                          • Instruction ID: 18f1d221211a9991f4e2892be8ce0cff30d6a8fd4decac8ac4c13ac2cbe0e8f7
                                          • Opcode Fuzzy Hash: 01a2c24043ffa722cff64fc4a7af56b81162ac62ac1ab7bb7f79de5beb1ad8ad
                                          • Instruction Fuzzy Hash: 3E215E70A002158FCB14DF65C984AAFB7F1FF88351F0189A9D90697325E731A846CBA0
                                          Function 051D6DDE Relevance: .1, Instructions: 67COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f917632a28954b950288b0d9483aa009e98a62f793c7d8f906b898fea6bf4ba1
                                          • Instruction ID: 2e9219e7d5cdfa8a2778ad9fdfb85f83953b1a6db24d6ae3155a9c4e8a911a5a
                                          • Opcode Fuzzy Hash: f917632a28954b950288b0d9483aa009e98a62f793c7d8f906b898fea6bf4ba1
                                          • Instruction Fuzzy Hash: 20316D78A01629CFCB64CF68D9849D9B7F1FB89305F1140E5E81AAB390D734AE81DF50
                                          Function 04F32030 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a6c3cea04fa829c0802fd498f39a8bdb943ffbc5c73a7f323a9bf88c317504cc
                                          • Instruction ID: 48c187006f11e067eb186477d142264df3602ca8ae2982f06b8d6f57ffe18e41
                                          • Opcode Fuzzy Hash: a6c3cea04fa829c0802fd498f39a8bdb943ffbc5c73a7f323a9bf88c317504cc
                                          • Instruction Fuzzy Hash: AB1103B1B003509FDB25AF7889146AE7FB2FB88712F0440A9E555D7390EB35E847CB60
                                          Function 04F30C19 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9b4bce801bd6e5216cb0c14f3feb3c0a9138708ca30e31a864d7878de7994643
                                          • Instruction ID: 58647e2ecfd4841181352c96bb877702cf9e8e901c0ab7358f18ab822b5102e9
                                          • Opcode Fuzzy Hash: 9b4bce801bd6e5216cb0c14f3feb3c0a9138708ca30e31a864d7878de7994643
                                          • Instruction Fuzzy Hash: 0C1105307002059FD764EB28D85476E7BE6EB88300F408928E009D7785DFB6AD068BD1
                                          Function 04F38FC0 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 105c238363ab4a0a5518fa8a9a89cb430b889fcaf5e5541ee7bcf6ffbfdc6431
                                          • Instruction ID: 846e4e256957342eb98215d78705ec437dbca80eae7d08fab79140b90f7a2eaa
                                          • Opcode Fuzzy Hash: 105c238363ab4a0a5518fa8a9a89cb430b889fcaf5e5541ee7bcf6ffbfdc6431
                                          • Instruction Fuzzy Hash: 39118E357005108FDB266B34D418A6E77A6FBC82567048069E90ACB361DF39EC03CB50
                                          Function 0081D017 Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2125702182.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_81d000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 444e3866f6aeee16226a039b6bc61962e04e458db3c225edf028d02b98684cce
                                          • Instruction ID: 24e6398523c369b66da509361ada5648df113b3df0472389534393174b4e94ff
                                          • Opcode Fuzzy Hash: 444e3866f6aeee16226a039b6bc61962e04e458db3c225edf028d02b98684cce
                                          • Instruction Fuzzy Hash: 4411B176504680CFCB11CF14D5C4B56BF76FB88314F24C5A9D8094B656C33AD85ACBA2
                                          Function 04F32040 Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9a8493a23743f5f6f36d6a965336999632d5f0d12f44e8b596b630ef682b2d8e
                                          • Instruction ID: 5e0c3a3fc262806b1b76953cd2adafdf1d05ce3cbdbcf1b79d749f26999484d9
                                          • Opcode Fuzzy Hash: 9a8493a23743f5f6f36d6a965336999632d5f0d12f44e8b596b630ef682b2d8e
                                          • Instruction Fuzzy Hash: 81118271B002159FDB24AF7888157AE7BF2EF88711F114069E506DB380EA76D946CBA0
                                          Function 04F31DA9 Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 38986627f83d7678983d8f89ffa95b4e9197a3b1567d9194a74b0f664b9265ad
                                          • Instruction ID: 71e3270ef6580af4700e4b38965416b752b712e3bd9cb42b9645a0665064fdc3
                                          • Opcode Fuzzy Hash: 38986627f83d7678983d8f89ffa95b4e9197a3b1567d9194a74b0f664b9265ad
                                          • Instruction Fuzzy Hash: 72215E79A02219AFCB04CFA8D694EADB7F2FF4A701F204058E801AB361CB34BD41CB50
                                          Function 04F31D05 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1d46c7813630141d74411ec8ce3f8d7c196f996fbfd8586b7541a707be587fe
                                          • Instruction ID: 848732198c60b97969b9f78b5b53b03c4c9db43e284a93332f93ec23af890912
                                          • Opcode Fuzzy Hash: e1d46c7813630141d74411ec8ce3f8d7c196f996fbfd8586b7541a707be587fe
                                          • Instruction Fuzzy Hash: FC111975A01209EFCB14DF98D694ADEBBB2EF89311F144529E405A7390DB31AD45CB50
                                          Function 04EDEB28 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47c24628376aa3a94272d03f5ffac7bf167d3aa9e891a42ab25b32bc357fb090
                                          • Instruction ID: 04fff937f02e8c41cb527da1f2d4b1425b42764ee080a921b2b4e8f2291e3941
                                          • Opcode Fuzzy Hash: 47c24628376aa3a94272d03f5ffac7bf167d3aa9e891a42ab25b32bc357fb090
                                          • Instruction Fuzzy Hash: 15113A70A04618CFE760DF69E858BE9B7F5FF49304F0091A8D40AAB391DB346985CF41
                                          Function 051D6429 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: abd0e88ab3bbaccc3d2cd04a2449c865ef010373bc40a5136f5769958027f787
                                          • Instruction ID: 879865b9e6088f87749ffce31ccd6188d4aa5b64bd08b7882390bec932179d7e
                                          • Opcode Fuzzy Hash: abd0e88ab3bbaccc3d2cd04a2449c865ef010373bc40a5136f5769958027f787
                                          • Instruction Fuzzy Hash: 6F21DA74A00628CFDB64DFA8CC54B9AB7B5FF49301F0041E69549A7394EB34AE85CF61
                                          Function 04F31C88 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 13c2dc979ba85aa9d7cb98205038164928f26fdd797b730a6942024ef8a28b1d
                                          • Instruction ID: 33c025215e517b77e96024d45e84b79765355f1f65ed1f233cd824a38f20bd91
                                          • Opcode Fuzzy Hash: 13c2dc979ba85aa9d7cb98205038164928f26fdd797b730a6942024ef8a28b1d
                                          • Instruction Fuzzy Hash: 89014436340215AFDB108F59EC94F9BB7A9FB99B21F108066FA15CB390CAB2DC118750
                                          Function 04F37B61 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 616e17a437abca07e1abfaa3af0385b2f0a495188260ee3a04aba28f347e0f0e
                                          • Instruction ID: 68b164fd7b30b43912f8bccc4bd76e3c962c2e1fbfc41cfcde80e6c5366284ff
                                          • Opcode Fuzzy Hash: 616e17a437abca07e1abfaa3af0385b2f0a495188260ee3a04aba28f347e0f0e
                                          • Instruction Fuzzy Hash: 40119CB6A0011CDBDB15DF99D9808DEB7F9EF88250B058166E515E7250E630AE15CBA0
                                          Function 051EF4C8 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1cf1c9a657e11838bf177e5b9d3624269df913f906605be069879a9bb909c6e2
                                          • Instruction ID: 1633b5a1e0825cb82c7f53be06e304271f570bec4dd86e59104c62f9064bf500
                                          • Opcode Fuzzy Hash: 1cf1c9a657e11838bf177e5b9d3624269df913f906605be069879a9bb909c6e2
                                          • Instruction Fuzzy Hash: DB11F3B0E002099FCB44DFE9C8466AFFBF5FF88300F20806A9519A7350DB309A418B91
                                          Function 04F31C69 Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cadc7bf064f5dab79b91fb91f1a00e2111cbffbdd1fa80e0297a771fa298f332
                                          • Instruction ID: 8e0140894f51291ca9fd1d8ce60b64c5f89e43f33d24109f4020317bac69923b
                                          • Opcode Fuzzy Hash: cadc7bf064f5dab79b91fb91f1a00e2111cbffbdd1fa80e0297a771fa298f332
                                          • Instruction Fuzzy Hash: 6F01D1363043409FD3058F69E98598ABBB9FFCA66031580BBE905CB361CA75E80AC760
                                          Function 04ED7B60 Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cad2ef1d19b625ab89bb8059dc2b513ce3e50ba39167546761503ce50abf0ca2
                                          • Instruction ID: 3aedab021f09e06ae50fb552c502721e994578a4d18c783dd511cea0580095d0
                                          • Opcode Fuzzy Hash: cad2ef1d19b625ab89bb8059dc2b513ce3e50ba39167546761503ce50abf0ca2
                                          • Instruction Fuzzy Hash: DE0129B0D04309DFCB44DFA9D4456AEBFFABF89304F14D5ADD448A2251E7315682CB91
                                          Function 04F3E450 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e01a666418a88e07c9d5bb2c5604be7bb35a45938a169a9194d30a1c7569c7e
                                          • Instruction ID: 95d502b500c09b43de0598191bcfb85b1df0f734479e4f90a68983af22a12fd7
                                          • Opcode Fuzzy Hash: 7e01a666418a88e07c9d5bb2c5604be7bb35a45938a169a9194d30a1c7569c7e
                                          • Instruction Fuzzy Hash: 7C0119353006209BD7199B25D564D1ABBA6EFC8716B208529E90A8B391DF36EC03CB95
                                          Function 04F33370 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee4604626bed2e4fa4435559c2b13eb091dcac308b468942024ede48ee645e89
                                          • Instruction ID: e9bb3a655e83fee2894de9f442c37bbb4e36d6dc561543053b3751e9fa5e1d80
                                          • Opcode Fuzzy Hash: ee4604626bed2e4fa4435559c2b13eb091dcac308b468942024ede48ee645e89
                                          • Instruction Fuzzy Hash: 8A01C872F046549FDB26CB98E4986DCBFB2EB84315F0880EAD449D7391DB351A4ACB41
                                          Function 04F31118 Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0de9c4d23ffc6fb6952c030b286967ade9d758c7bfeed582c9570743da4472b8
                                          • Instruction ID: 91b0e213b0c143f5af290385f3a32ef600294ad5d1f218ca2ae717dab67642ba
                                          • Opcode Fuzzy Hash: 0de9c4d23ffc6fb6952c030b286967ade9d758c7bfeed582c9570743da4472b8
                                          • Instruction Fuzzy Hash: FAF0F0A2B0D2E04FE32207691D20329ABA09B96205F0844DBC1858F3A2E997A803C350
                                          Function 04F310C0 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bc75448a91480e4fb5e1c4bb11164db55e9a740563822bf07c9c164877c7b89e
                                          • Instruction ID: 64f32dc8cccb8a955d37fea8f8391667024fc77c73ceaf3a4d874add99a170b5
                                          • Opcode Fuzzy Hash: bc75448a91480e4fb5e1c4bb11164db55e9a740563822bf07c9c164877c7b89e
                                          • Instruction Fuzzy Hash: A6F0E972F086615FE71987599850B6FF7E9EBCC710F14442AE5099B390DAB2FC42C390
                                          Function 04ED719D Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 523ada28f42b0a9cfe0826d9974dc45d2d3695f7c3dcc9ba0dc8b763bfefb74c
                                          • Instruction ID: 16fa1d3d2f172ff0d08416ddc969dc894f3695e8a32d7284cb0b96a7b0d2b5a7
                                          • Opcode Fuzzy Hash: 523ada28f42b0a9cfe0826d9974dc45d2d3695f7c3dcc9ba0dc8b763bfefb74c
                                          • Instruction Fuzzy Hash: 61110874E01218CFDB54CFA9E484B9DB7F2FF08305F5091A5E008A3264EB38A986DF01
                                          Function 04EDAA16 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f86d0456d1c4a52f9af85e168fc2ab62538006ff5584628f8d45ac6b4b91f28e
                                          • Instruction ID: f4b8c7496d83e675033066e5d24fd1ca1e34b56436706787de1b536b6a7cd37a
                                          • Opcode Fuzzy Hash: f86d0456d1c4a52f9af85e168fc2ab62538006ff5584628f8d45ac6b4b91f28e
                                          • Instruction Fuzzy Hash: E311A8B4A11618CFCB50DF24CD54A99B7B6FF89301F1080EA9A09A7352EB31AE84CF55
                                          Function 04F31E90 Relevance: .0, Instructions: 35COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c0571d0581dd735f5fbf53b28b4291b0f35edfd63d5c01512cbe229d2ba6e967
                                          • Instruction ID: 92e4cc6aec7d14885aa22eda48c4711ae9dd879c3d175daf7059d5b467d893ce
                                          • Opcode Fuzzy Hash: c0571d0581dd735f5fbf53b28b4291b0f35edfd63d5c01512cbe229d2ba6e967
                                          • Instruction Fuzzy Hash: 01F0273670061A4BC311DBADE84498BB3A6EFD2310B168536FA0497200DF31F8D282D4
                                          Function 04F3AE37 Relevance: .0, Instructions: 35COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 918a04e40fba31504ea3d501dc19226721dede8901a7f874770bce023b235d78
                                          • Instruction ID: 13159f76ac340583d26921d1347e959a24426766a045f344c26e42e7e15ff009
                                          • Opcode Fuzzy Hash: 918a04e40fba31504ea3d501dc19226721dede8901a7f874770bce023b235d78
                                          • Instruction Fuzzy Hash: FBF0AE36B100085BDB189B19D4549BEF76AEFC4321F048076FD19D7361DE709D178791
                                          Function 04ED7731 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a29f5d488db4ffad46211426d9f14077791ae55b7429321dfee7ce7b10dba56d
                                          • Instruction ID: 5c1a55204880f0d52c4a288a358c298a78b89d667709a6c0ae1dd41d820cda87
                                          • Opcode Fuzzy Hash: a29f5d488db4ffad46211426d9f14077791ae55b7429321dfee7ce7b10dba56d
                                          • Instruction Fuzzy Hash: 32018170D09209CFCB54DFA8D8446EDBBF5FF09319F2086ADD418A2291D7355A42DB41
                                          Function 04F3D5C9 Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c7eff4cd93292a503f7b076f934e01af1f16a103c68db53ef4395f15b8a3065b
                                          • Instruction ID: f709e4cc0b1d0d0587b2efad007297fd05f74d67b155e3065f73a25efb66f6cb
                                          • Opcode Fuzzy Hash: c7eff4cd93292a503f7b076f934e01af1f16a103c68db53ef4395f15b8a3065b
                                          • Instruction Fuzzy Hash: 4EF030713003059BC724DF19D8C0E8AB7AAEFC4310B009E2EF51A8B655DAB1AD4997A0
                                          Function 04F3E1D8 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2d506770cfcc7e77743ee2ef06a189fc611ec48febf9c7830610f6e4963584f
                                          • Instruction ID: 95cfe72e429c34c3e7726152a4937ff97254a36a3ccb7413abea0cf78f30a796
                                          • Opcode Fuzzy Hash: e2d506770cfcc7e77743ee2ef06a189fc611ec48febf9c7830610f6e4963584f
                                          • Instruction Fuzzy Hash: D9F0FE353506009FC714DB59D854D6BB7AAEFC9722B158069F94A8B3B0CA72EC42DB90
                                          Function 04F3E1C8 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61dd05bbcd96784503d605ffd4888cd8afff05e442aa33f80187ad4d0a6a6209
                                          • Instruction ID: 25b333b2a9e03359a33161ffe654bb8de421dc2fc9f103082ae5b37feea19a1b
                                          • Opcode Fuzzy Hash: 61dd05bbcd96784503d605ffd4888cd8afff05e442aa33f80187ad4d0a6a6209
                                          • Instruction Fuzzy Hash: 5BF062393042008FC715DB24D46493A7BA6EF89312B1440AAE94ACB7B1CA35DC02CB40
                                          Function 04ED3189 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 20a5c369067801071abefd66dca2c3bb76d5c3b7fd0f64c91a2228c982a75078
                                          • Instruction ID: e22c2b28c81e35c92d09119f663f45dfcb9a59f92a5195505486f5a89ab6accd
                                          • Opcode Fuzzy Hash: 20a5c369067801071abefd66dca2c3bb76d5c3b7fd0f64c91a2228c982a75078
                                          • Instruction Fuzzy Hash: 74F09AB0E04208EFCB80CFA8D840AADBBF8EB4D310F00C19AAD18D3341E2358A12DB51
                                          Function 04F3A281 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 447d16e2ce9a32f910024135a2c91704fd1ef22356fc60184d08bb5b5261110a
                                          • Instruction ID: 0659007ba33178757621c09fca4defcb42671e315aa66f4a58dd7575daf08809
                                          • Opcode Fuzzy Hash: 447d16e2ce9a32f910024135a2c91704fd1ef22356fc60184d08bb5b5261110a
                                          • Instruction Fuzzy Hash: 06F020712046014BC3118A2AE8C588ABFA6EFE0210300CA3EE00A8B216DD348D0B83D0
                                          Function 04F3BCE0 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ed086ed77d7e347d97c211e408c9fced80fe0e0ad77db0f9303e65141bdd6cb2
                                          • Instruction ID: acc789a1b79a51ac8a0d57a78306d8e146f1fab3835f7fdab96a442419766004
                                          • Opcode Fuzzy Hash: ed086ed77d7e347d97c211e408c9fced80fe0e0ad77db0f9303e65141bdd6cb2
                                          • Instruction Fuzzy Hash: A3F0EC76F097810FD7165635F8540CE3BE1DBA15443159597D481CB212FE24EE0B8B81
                                          Function 051D2823 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83942bb973d9e44e9f28659e83f9ef694dacbcc93b65db6d878bfb488c51cec5
                                          • Instruction ID: da408366942e90bd31624fd8c85bf6a6f5fb2e91ceab0ab681280491e87a9b89
                                          • Opcode Fuzzy Hash: 83942bb973d9e44e9f28659e83f9ef694dacbcc93b65db6d878bfb488c51cec5
                                          • Instruction Fuzzy Hash: BA015678B051288FC750EF68C8989CAB3B6FF49340F1084A4A40AE7398E7345E85CF92
                                          Function 051D28BC Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 545fb630322f7041040ee4b60ccfa6b6b8e8876a1a6a75dbac93dcd18955a22c
                                          • Instruction ID: f2b44e725a9a61988f8f0cac02f68223fdbd3571aad395691d43040a651ec896
                                          • Opcode Fuzzy Hash: 545fb630322f7041040ee4b60ccfa6b6b8e8876a1a6a75dbac93dcd18955a22c
                                          • Instruction Fuzzy Hash: 2001C874A00529CFCB64DF59D989AD9B7B1FB48305F0040E8D50AAB390DB749EC4CF11
                                          Function 04ED8905 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a97b8b50b99986cb7ea83a4360cf4636f9a554dbdc40fdb826dc7ff46dcd10c
                                          • Instruction ID: 7c8bb84582b758b8deaa0fca764a73a8e0d629362c5fcd76320cd0feaa3305cc
                                          • Opcode Fuzzy Hash: 3a97b8b50b99986cb7ea83a4360cf4636f9a554dbdc40fdb826dc7ff46dcd10c
                                          • Instruction Fuzzy Hash: 9D014B7494162ACFDBA4DF55DD84BAABBB4FB09312F5094EAD419E2250DB385EC0CF01
                                          Function 04ED3198 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 78fb9e680bb11d04746b3b6079ca68613b7bd3a21847377de78d9a1b96514fcc
                                          • Instruction ID: debe3ef101bdcb04d040f24f70e1e2b519c7c538de0b543c5f3184ef3b9d4eab
                                          • Opcode Fuzzy Hash: 78fb9e680bb11d04746b3b6079ca68613b7bd3a21847377de78d9a1b96514fcc
                                          • Instruction Fuzzy Hash: A3F0F874904208EFCB80DFA8C840AADBBF8BB49310F14C19AAC58D3241D6359A55DF51
                                          Function 04F33380 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3914688e3449b2403ae5a7250bc8a9b31ee1f5733023ea2cfee22941e8b531ba
                                          • Instruction ID: 24aa18736513ee400c46791e95948eb344a1db9add17950b1e5fe7db211f2046
                                          • Opcode Fuzzy Hash: 3914688e3449b2403ae5a7250bc8a9b31ee1f5733023ea2cfee22941e8b531ba
                                          • Instruction Fuzzy Hash: 62F06D31E04218AFCB29CB98D158BDDBFB6EB84222F04C099D40693394DB751A89CB85
                                          Function 04F3A290 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 82653d820efcd01456cdaae13349d726b9633e496416d71fe37ee84eb1129b8d
                                          • Instruction ID: a48f3e074b31661923cf8769a796b5c79dc7884764af364d68fd468d2ac40c45
                                          • Opcode Fuzzy Hash: 82653d820efcd01456cdaae13349d726b9633e496416d71fe37ee84eb1129b8d
                                          • Instruction Fuzzy Hash: 35E01A713002059BC7259A2AE88485BFB9AEFD02647109A3AE10A9B625DE75AD4686D0
                                          Function 04F3A241 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97c76d4dcb1a44a6b61d07cffbb4145cbb8ef572217f897785cae3b21b53a0ea
                                          • Instruction ID: 8a4c437494b837062a25c504a6df208fc7be5fc4037821553ac0c7ddf2f8cda7
                                          • Opcode Fuzzy Hash: 97c76d4dcb1a44a6b61d07cffbb4145cbb8ef572217f897785cae3b21b53a0ea
                                          • Instruction Fuzzy Hash: D2E0C272F061318BFB24495E2C5062ED59AFFCAA69750063DF859D7304D952DC464391
                                          Function 04EDDE4A Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c83211dfa44e1a5fcb4dc8e3cfaf56ba2e4c649f5f8a0e035d8a19b93b3dc78
                                          • Instruction ID: a4b0fe24d1e58b9df027e7c1bb2273a70b5322867331059dcfaa012421caabd0
                                          • Opcode Fuzzy Hash: 2c83211dfa44e1a5fcb4dc8e3cfaf56ba2e4c649f5f8a0e035d8a19b93b3dc78
                                          • Instruction Fuzzy Hash: 72F015B0D05208EBCBA4DBA894516ECBBB1EB45310F1081A9CD0892350E6355A458F81
                                          Function 04ED3CF8 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0132b9aa5fcb70e5783550e2c394536ea05cfa2afb0c9e477ab347376a0753e8
                                          • Instruction ID: b45ac515ef43960d0b9581971eabc5471a70e92041acc78b00bed497dbf9fd21
                                          • Opcode Fuzzy Hash: 0132b9aa5fcb70e5783550e2c394536ea05cfa2afb0c9e477ab347376a0753e8
                                          • Instruction Fuzzy Hash: 2AE0DFB290A108ABD700EBB4941068DBBF4EB45300F1145F6CE05C7271FA704A509B82
                                          Function 04EDA786 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7cd25df403e1c547365423ff1b1d625c2d80ce24d10c607b44a41639ef26c2fa
                                          • Instruction ID: dfa8030c043e496e5eabe5ec4c1ad450092af1ceeba11e3d5569c1be09205565
                                          • Opcode Fuzzy Hash: 7cd25df403e1c547365423ff1b1d625c2d80ce24d10c607b44a41639ef26c2fa
                                          • Instruction Fuzzy Hash: 2EF0F974904728CFDBA09F28CC8839ABBB0FF06316F1095EAD859A6241DB355AC58F46
                                          Function 04F352D8 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3e2eef311d49597f69e163f8d64a8be0c142a9c16f133a1ac5712f15a606278d
                                          • Instruction ID: 3b69273584d0ec1630e3d171b8aedf719746e64af4fa6a1e1c1ddb8614acaad0
                                          • Opcode Fuzzy Hash: 3e2eef311d49597f69e163f8d64a8be0c142a9c16f133a1ac5712f15a606278d
                                          • Instruction Fuzzy Hash: 38E08631710314ABEB1066B55D0175772A69B8571EF501465EA055F380D9A5F8438352
                                          Function 04ED91D6 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4384ab1472d5da16ccf95ca9c67cdfd2731fda4c9390246e0a081648e1f71c09
                                          • Instruction ID: 1b4adb58a1fae3fa96850bb268565a20b818b9f8a38c8e64284d40b49d6ce33e
                                          • Opcode Fuzzy Hash: 4384ab1472d5da16ccf95ca9c67cdfd2731fda4c9390246e0a081648e1f71c09
                                          • Instruction Fuzzy Hash: 82F017B4A00328CFDB60AF24D888799B7B0FB06304F1099D5D059A3251DB309EC58F41
                                          Function 04EDDEF2 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 758ec45b52f7f9de213e8e8a844895438c61cdcfca66cad5eaa2561911c567ca
                                          • Instruction ID: 1112812e90bfec4387b649440178bd55f48bcb13b4498fd331b5c8cae1f595f8
                                          • Opcode Fuzzy Hash: 758ec45b52f7f9de213e8e8a844895438c61cdcfca66cad5eaa2561911c567ca
                                          • Instruction Fuzzy Hash: 43E09AB0C05208AFCB04DBA8D945BDCBFB1EB06301F1041E8DE0493380E2710A898A41
                                          Function 051E5D18 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61be8fe646dbc367e1a026b0a3bca61c3fe47f43b4288b74774fe43b0e2ba9d1
                                          • Instruction ID: bf3264be7cf719afe0dea19307d6c1062c882c908740540bb03f3f828d7f8f92
                                          • Opcode Fuzzy Hash: 61be8fe646dbc367e1a026b0a3bca61c3fe47f43b4288b74774fe43b0e2ba9d1
                                          • Instruction Fuzzy Hash: 22E0C278E04208EFCB44DFA8D944AACBBF5FB88314F10C5AA9809A3351D7369A51DF80
                                          Function 051EBE60 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61be8fe646dbc367e1a026b0a3bca61c3fe47f43b4288b74774fe43b0e2ba9d1
                                          • Instruction ID: c7f5352171b3addbc03f95828fe0c36e8ffa8c9b99fc09554452e5123c98650f
                                          • Opcode Fuzzy Hash: 61be8fe646dbc367e1a026b0a3bca61c3fe47f43b4288b74774fe43b0e2ba9d1
                                          • Instruction Fuzzy Hash: 35E0A574D08208EFCB44DFA8D540A9DBBB5FB48310F10C1A9985893351D7359A51DB80
                                          Function 04EDFED0 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: adaee93f26ded580c19ad13249fd9be608620288d8b43a2f3b2b274a43e6fb09
                                          • Instruction ID: 196ec77f4fef1b1e07b3d6ff94a3dc37b0e3264cb2e3df95506e653291492471
                                          • Opcode Fuzzy Hash: adaee93f26ded580c19ad13249fd9be608620288d8b43a2f3b2b274a43e6fb09
                                          • Instruction Fuzzy Hash: CFE0C274E04208EFCB84DFA8D5406ACBBF4FB88314F10C1A9981993341D735AA42DB40
                                          Function 051E9B28 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e0934f7fded6ada0f4c81094cb306944fdbe2ea82e9bcb1145c94580b05dd336
                                          • Instruction ID: 62802626000ec015dbf4a998c76be644ec938900eaa27f0596cb1aabe6f1825f
                                          • Opcode Fuzzy Hash: e0934f7fded6ada0f4c81094cb306944fdbe2ea82e9bcb1145c94580b05dd336
                                          • Instruction Fuzzy Hash: B1E0C274E04208EFCB44DFA8D581AACFBF8FB89300F10C1A9980893341E7359A42DB40
                                          Function 04EDDE58 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: baae9477b3e89c2429137d90e97a7aa24eef503466ba64d1d2523fccc2426fde
                                          • Instruction ID: dce4d8c472ba9d02a7767cd3470ceb1d4d2b3a9274d77ccf2dd682bacf6dc461
                                          • Opcode Fuzzy Hash: baae9477b3e89c2429137d90e97a7aa24eef503466ba64d1d2523fccc2426fde
                                          • Instruction Fuzzy Hash: ADE0E570D05208EBCB94EFA8D4106DCBBB5FB44310F1081A9D80892350D7355A41DF80
                                          Function 04EDF858 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6905f9d536a5589d2cba010c0e7438743aec1911d1765270e45e71829229dd2f
                                          • Instruction ID: da156644309656dd6299776b9fa357946bfa6dbf59857aeb7879b24f05fed545
                                          • Opcode Fuzzy Hash: 6905f9d536a5589d2cba010c0e7438743aec1911d1765270e45e71829229dd2f
                                          • Instruction Fuzzy Hash: 20E0B674E05208EFC784DFA8D945BACBBF8EB49314F2081A9980993351E772AA42DB41
                                          Function 04ED712D Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e7ea374c33e20fd22ae655c8753fb8911f6e1989ebcaaff1ed9ba4b2793f2333
                                          • Instruction ID: cca61ee4754d248d3daa221fda229841931f4b6cc6abff88fe6952fe913fa684
                                          • Opcode Fuzzy Hash: e7ea374c33e20fd22ae655c8753fb8911f6e1989ebcaaff1ed9ba4b2793f2333
                                          • Instruction Fuzzy Hash: 07F09278E05218CFDB50CFA9E484B9DB7B2FB09305F5051A5E408A3364EB35A946DF05
                                          Function 051E8A50 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3adb534b117873b6190620dd114896939a5bcc8e624956bc3c3d1fc48a8e6977
                                          • Instruction ID: e74cf1a06aa7c5b2a81623d82a065936c09c7b58410e94e1eb401f8b57df67f9
                                          • Opcode Fuzzy Hash: 3adb534b117873b6190620dd114896939a5bcc8e624956bc3c3d1fc48a8e6977
                                          • Instruction Fuzzy Hash: 0AE01235D08208EFCB04DFA8D5416ACBBB8FB89304F10C1AAD81853342C736AA42EB80
                                          Function 04ED3D08 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ce86cae89b78578efb9fb6b70efb6e55108acd4cb6ebde2d90d79433a96a7a7e
                                          • Instruction ID: 03153fe71b9b139a4d62a42f332add326e0127084ba24e019f452b5c0fec1490
                                          • Opcode Fuzzy Hash: ce86cae89b78578efb9fb6b70efb6e55108acd4cb6ebde2d90d79433a96a7a7e
                                          • Instruction Fuzzy Hash: 04E0C272401108DBCB00EFF8C40058E7BF8EB45304F0045F5C90593130EE715A109B92
                                          Function 04EDDF00 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9f6f473aa3afd7b1e4db474ed78f50e763df923fa10201b38877b498bd82019
                                          • Instruction ID: c10b4ea71cfd5567c0ce7587689c2c4995633deedca03158e957d0eb64e2030d
                                          • Opcode Fuzzy Hash: b9f6f473aa3afd7b1e4db474ed78f50e763df923fa10201b38877b498bd82019
                                          • Instruction Fuzzy Hash: BDE0E274905208EFCB44EFA8D949AADBBF9FB09301F5091A9D808A3390E7316A84DB51
                                          Function 051E99B8 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bf2dab5f57eb5b23b55b452ebc3dc7fde35adc4a4546e9ea4ce0c56cadb86c0
                                          • Instruction ID: 99c21ecc6befa19e7cd0d38a065efae5d33b231b597e06453fdd6dc823d36d8d
                                          • Opcode Fuzzy Hash: 6bf2dab5f57eb5b23b55b452ebc3dc7fde35adc4a4546e9ea4ce0c56cadb86c0
                                          • Instruction Fuzzy Hash: 80E0177180620CEBDB00EFF8D904A9E7BF9EB45304F1185A6D50993220EF719A50AB92
                                          Function 051EE458 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f43aa4c61bd8eeb08434c817264bf08bddda55225f0289fdba884172b4213275
                                          • Instruction ID: 19734feb60045b47aeb1bd36c4c35477244f2caa9753fc911120b7b9d7eec895
                                          • Opcode Fuzzy Hash: f43aa4c61bd8eeb08434c817264bf08bddda55225f0289fdba884172b4213275
                                          • Instruction Fuzzy Hash: 9CE0C274948208EBC704DF94D9409ACBBBCFB85300F10C29CC84857351CB329E42CB80
                                          Function 04F307A8 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fce78c1f8d942ceb2ffd48bc74d7bd354e9153366627a3724e226a702661b497
                                          • Instruction ID: b5ed9baa0c1d7dd49cfa488e836edaa023dd9a637fce6a9f7cc6eaa0db6ca523
                                          • Opcode Fuzzy Hash: fce78c1f8d942ceb2ffd48bc74d7bd354e9153366627a3724e226a702661b497
                                          • Instruction Fuzzy Hash: 30E0C270A0020CEFDB14DFB8EA40AADB7FAEB48204F508499E404E7340E9326F04A781
                                          Function 04F30760 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b87dfa6e321acbaeaa930c66527eac6e2e2d7d76814aa5cb4747990be6dc41c8
                                          • Instruction ID: a4750ca237f909d74bf75079455cb2337a7af52dea715741cc2ea9efbcf75a7b
                                          • Opcode Fuzzy Hash: b87dfa6e321acbaeaa930c66527eac6e2e2d7d76814aa5cb4747990be6dc41c8
                                          • Instruction Fuzzy Hash: 6AE01270A0120CEFDB44DFA8DA5165DB7B9EB45304F1045A8D408E3341E9716F459792
                                          Function 04F39C41 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e8cf39a23788b449502b7508baa137af9ab2085149ed3123634c55a43caa418
                                          • Instruction ID: 989d57e8ae5421f85608a9ee42229bdb7b27787845fe656e49b15c66547451d6
                                          • Opcode Fuzzy Hash: 2e8cf39a23788b449502b7508baa137af9ab2085149ed3123634c55a43caa418
                                          • Instruction Fuzzy Hash: 7FC01270B08A134B9B299A2EF85055A62D29BC4614304C928E45AC7318EEA0EC834784
                                          Function 04ED7E1D Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a16367aa7712486d060a013e771c209f977ee92f58640842761faa6e5000b4c
                                          • Instruction ID: c4087d2887f3b82b8fe55735da7c82082c35008435718e63c508c7a7b568902b
                                          • Opcode Fuzzy Hash: 3a16367aa7712486d060a013e771c209f977ee92f58640842761faa6e5000b4c
                                          • Instruction Fuzzy Hash: 0BD092B0A00219CFDB90DF24DC84AD97BB2FB45304F10AAD5900AA7210EBB06AC9DF45
                                          Function 04ED76E0 Relevance: .0, Instructions: 9COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1fcdc4414d11680eca995af47e897c9c630385e13de56e8f9e3732753ed73b15
                                          • Instruction ID: b5c15887a11ec446fbb4c473b9025cfb6d817581c93fcf737e9dc99e0283d28f
                                          • Opcode Fuzzy Hash: 1fcdc4414d11680eca995af47e897c9c630385e13de56e8f9e3732753ed73b15
                                          • Instruction Fuzzy Hash: DAC04C76E1011E9BCF40DBD9E4409DCF774EF95361F004036D214BB104D6345926CF50
                                          Function 04F3E1B0 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                          • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                          • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                          Function 04ED6E88 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47d83287d3092d11a9b6ce7060c9fdf7c0c4292c53e076363bb77d85e9c73122
                                          • Instruction ID: 35824e9f91fcb3dc43701975084e157d4401514f8728b5c98c2b679bc7e06cd2
                                          • Opcode Fuzzy Hash: 47d83287d3092d11a9b6ce7060c9fdf7c0c4292c53e076363bb77d85e9c73122
                                          • Instruction Fuzzy Hash: DDD0EA74E06229CFEB64CF65ED94B99BBF1BB19300F0051E99559A32A0DA341A80DF05
                                          Function 04F3D7D0 Relevance: .0, Instructions: 6COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 343f852540d5ecab504a5316d481c8b9cfeb00c9a6b91cd795c652f55864efbb
                                          • Instruction ID: 8ba282322fab23d2a292aa39ce5039989957b5a7d5afa7394c6d2565df1c76e5
                                          • Opcode Fuzzy Hash: 343f852540d5ecab504a5316d481c8b9cfeb00c9a6b91cd795c652f55864efbb
                                          • Instruction Fuzzy Hash: 4DA012300003088781405744E805450775DA6445153008054900D425224B12B802CE85
                                          Function 04F3A201 Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e7c540fa3eb6c64f0e0ab7244ea9645b80e179f12c35de47a47777ef93a6e61
                                          • Instruction ID: 5eb0393eae9ff71161f8c3a5e959498bb944070298b2a453d89888770adbe652
                                          • Opcode Fuzzy Hash: 4e7c540fa3eb6c64f0e0ab7244ea9645b80e179f12c35de47a47777ef93a6e61
                                          • Instruction Fuzzy Hash: 55A02230000208CBC200ABC0F80A0A03F28FB8822A300C0A8E80E028238B23EC03CFC0
                                          Function 04F34F22 Relevance: .0, Instructions: 3COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf0424d552bf78f803b76ac0ed9508035aeadcbf17023a46718d553709976a1e
                                          • Instruction ID: 741d6015149e27902d78fbd3ef5d246edd576e8fab7829f979bb8cdd359d4d10
                                          • Opcode Fuzzy Hash: bf0424d552bf78f803b76ac0ed9508035aeadcbf17023a46718d553709976a1e
                                          • Instruction Fuzzy Hash: CAA00272404200EFDE119B10DB1980ABA71EBB0701B01C466F1464062497378C30EA15

                                          Non-executed Functions

                                          Function 04B94169 Relevance: 4.0, Strings: 3, Instructions: 244COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TJxq$Tesq$xbvq
                                          • API String ID: 0-371669003
                                          • Opcode ID: 21ad876c447a75d8ef7b2e594fad652a1045bbe1352938b448e7bd52b26e3370
                                          • Instruction ID: d73b356bacf6871d7279bf84faaf261a787e5bafdabf3bf9cb82a03fa20c2c83
                                          • Opcode Fuzzy Hash: 21ad876c447a75d8ef7b2e594fad652a1045bbe1352938b448e7bd52b26e3370
                                          • Instruction Fuzzy Hash: D2C16475E016588FDB58CF6AC944ADDBBF2AF89300F14C1AAD909AB365DB305E81CF50
                                          Function 04F34A88 Relevance: 2.8, Strings: 2, Instructions: 321COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$,wq
                                          • API String ID: 0-2981683845
                                          • Opcode ID: 6ece5db66561fdf125be3d8ebe3301019668f5497416fa244762569173f69af8
                                          • Instruction ID: 28b93904a01c2550c934386be2e0a03b2779517c800cc59b9c2a239fe15cbb20
                                          • Opcode Fuzzy Hash: 6ece5db66561fdf125be3d8ebe3301019668f5497416fa244762569173f69af8
                                          • Instruction Fuzzy Hash: 41D11675A005089FDB14DF69C584AA9B7F2FF88306F25C5A8E815AB361DB30EC82CB50
                                          Function 04FE6E5B Relevance: 1.6, Instructions: 1600COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135305545.0000000004FE0000.00000004.08000000.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: true
                                          • Associated: 00000000.00000002.2135524742.0000000005030000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4fe0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
                                          • Instruction ID: 3d3b10faa67f6557709b10ae0c5973b43a162660fddef74cb045a80af71a9691
                                          • Opcode Fuzzy Hash: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
                                          • Instruction Fuzzy Hash: 32C2776240E3C29FD7135B749DB66E2BFF1AE6321471E08DBD4C08B063E218695BD762
                                          Function 04F3003F Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134489440.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f30000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 0dc4062b4ab47a7f0b18ef3106e8309e0093ecf094702bc9996d4e72f8a69d13
                                          • Instruction ID: effbbc378b5b0209e70b380c1592412f4c36be6f260b844148bbe63899ded819
                                          • Opcode Fuzzy Hash: 0dc4062b4ab47a7f0b18ef3106e8309e0093ecf094702bc9996d4e72f8a69d13
                                          • Instruction Fuzzy Hash: E0B1E774E01218CFDB54DFA9D844B9DB7F2FB49305F2080AAD409A7359DB74A986CF11
                                          Function 04F66C69 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: dwq
                                          • API String ID: 0-1204298229
                                          • Opcode ID: 65cd5942b55f33e03a9dbe8bc78688fa1a4a6371278433e2ef5dc0fa8bb5059d
                                          • Instruction ID: c4cd99a73ea77b7201f187b240d6f7254773b7b3681e8177aec0db6cea796fbb
                                          • Opcode Fuzzy Hash: 65cd5942b55f33e03a9dbe8bc78688fa1a4a6371278433e2ef5dc0fa8bb5059d
                                          • Instruction Fuzzy Hash: 97811774E00218CFEB54EFA9D944B9DBBB1FF49305F108069D40AA73A4EB74598ACF15
                                          Function 04F66C78 Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: dwq
                                          • API String ID: 0-1204298229
                                          • Opcode ID: 120eee197620f7d16f7679ee1e35617b25cd9eefe7249560075107bd76a42607
                                          • Instruction ID: e929a4f663a26de5e11b3da72a846d47821555d22a90a78f4b46826e53cf7091
                                          • Opcode Fuzzy Hash: 120eee197620f7d16f7679ee1e35617b25cd9eefe7249560075107bd76a42607
                                          • Instruction Fuzzy Hash: F2814874E00218CFEB50EFA9D944BADBBB1FF49300F108069D40AA7364EB74698ADF11
                                          Function 04ED7C42 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 9
                                          • API String ID: 0-2366072709
                                          • Opcode ID: a9ba89baacc4106bd6eeda4019e6650547c7dcd0ff745f238c5db5e394921c86
                                          • Instruction ID: 74f1478e40071117718b6d01f61f39f74544122ec2329bbb646436f128d89b40
                                          • Opcode Fuzzy Hash: a9ba89baacc4106bd6eeda4019e6650547c7dcd0ff745f238c5db5e394921c86
                                          • Instruction Fuzzy Hash: BE415E71E05A188BEB5CCF6B8D4169EFAF7AFC9301F14D1B9880CAA215EB3055868F01
                                          Function 04ED64B8 Relevance: .4, Instructions: 431COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ecc5a9ca314b6146482258ac0a0efa7be933e505cef20b57f81b71088df5d616
                                          • Instruction ID: a602884bc559682451ba7daa30fc6f5dfba9f457230bfc1f96a190b1889d33cf
                                          • Opcode Fuzzy Hash: ecc5a9ca314b6146482258ac0a0efa7be933e505cef20b57f81b71088df5d616
                                          • Instruction Fuzzy Hash: 6412A271E046188FDB14CFAAC98069EFBF2BF88304F24D569D459EB219D734A986CF50
                                          Function 04F82728 Relevance: .3, Instructions: 284COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 423113c19bdc51533c44dee301c5c6f099e3b586116050e555e8e9a00bef3f5c
                                          • Instruction ID: 3466364e5edad1c2c9db8fa296a286bcc8e8a5d5048dc7def6b2349dd86f988c
                                          • Opcode Fuzzy Hash: 423113c19bdc51533c44dee301c5c6f099e3b586116050e555e8e9a00bef3f5c
                                          • Instruction Fuzzy Hash: 42D10B74A01228CFDB64EF29C844B99B7F5FB48300F1081E9D809AB355EB74AE86CF41
                                          Function 04F6DA90 Relevance: .2, Instructions: 221COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ba0a95359758e0a7c8379efe4fbb2e958cc2f0ff166a3ff32b32d45abeec91a3
                                          • Instruction ID: 51697fade3ad52069642392a7bb1ce1ba9330d40e9593c86909cce67d4e2181e
                                          • Opcode Fuzzy Hash: ba0a95359758e0a7c8379efe4fbb2e958cc2f0ff166a3ff32b32d45abeec91a3
                                          • Instruction Fuzzy Hash: 6B91E574E05218CFDB54DFA9D884BADB7F6FF89300F109069D00AA7295EB74A986DF01
                                          Function 04F6DAA0 Relevance: .2, Instructions: 218COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0929e99b7b25fc57b64ab04b92410a8927d9a0da5676a606bc0df6a6dfe8c74
                                          • Instruction ID: b39e574e1298031d9b68f2ca913c5f1026e5e0d84225f9c9f5074de58df98e15
                                          • Opcode Fuzzy Hash: b0929e99b7b25fc57b64ab04b92410a8927d9a0da5676a606bc0df6a6dfe8c74
                                          • Instruction Fuzzy Hash: 2D91F374E0521CCFDB54DFA9D844BADB7F6FB89300F109069D00AA7295EB74A986DF01
                                          Function 04F6DE30 Relevance: .2, Instructions: 192COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: af3b3b956e73673d5b3c789dda945fe687b67f475076142d9794287a8ff1618a
                                          • Instruction ID: 8536fd4dacbb9f97798eba8af3a4807f8e167e04064e0b51cd5a0a0b4c0ea16f
                                          • Opcode Fuzzy Hash: af3b3b956e73673d5b3c789dda945fe687b67f475076142d9794287a8ff1618a
                                          • Instruction Fuzzy Hash: D581C574E05218CFDB54DFA9D884BADB7F5FF49300F1090A9D00AA7295EB74A986DF01
                                          Function 04F673D8 Relevance: .1, Instructions: 144COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf47f18ee312e92c3f0f7d05ce0dc01486d0971c22de75239acfaba9326ff370
                                          • Instruction ID: 41b2f458ceb4e73e07180885b7539969c021fa57aefe08fb570a44df9bf557f0
                                          • Opcode Fuzzy Hash: bf47f18ee312e92c3f0f7d05ce0dc01486d0971c22de75239acfaba9326ff370
                                          • Instruction Fuzzy Hash: A3511575E05218CFDB14EFA9D4486EDBBF2FB49318F109129D40AA7254EB74A986CF01
                                          Function 04F673E8 Relevance: .1, Instructions: 140COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a6b4b86ac1a2964ee5f188daa5c07edc186a80fb28167a6ea93a918b91313d99
                                          • Instruction ID: 356be9cd7a99abeae78fcb3e98df30b588a29f4583900296888aec1cdc2a249b
                                          • Opcode Fuzzy Hash: a6b4b86ac1a2964ee5f188daa5c07edc186a80fb28167a6ea93a918b91313d99
                                          • Instruction Fuzzy Hash: D3511775E05218CFDB00EFA9D448BEEBBF6FF49314F109029D40AA7254EB74A986DB05
                                          Function 023A8F6C Relevance: .1, Instructions: 127COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2126059143.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_23a0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70397357d330b3024f6bbb758f2d2c3cb5c2d5ed0c9a828848deb7ef2c0b5abe
                                          • Instruction ID: 810b6dc48f54d9304abe6a6b7fb24663a9fa68e3d5ce6772a8e327e6b9b824aa
                                          • Opcode Fuzzy Hash: 70397357d330b3024f6bbb758f2d2c3cb5c2d5ed0c9a828848deb7ef2c0b5abe
                                          • Instruction Fuzzy Hash: 7551A07490422ACFDB74CF25C854BE9B7B5AB49300F1081F9D40EA2A54DB355AC6EF40
                                          Function 023A16BF Relevance: .1, Instructions: 125COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2126059143.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_23a0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 289af1f54c679c8fb360a7b7f9bf8e380d69facaee369204308e7b1cbbff03c3
                                          • Instruction ID: 48df52ba136c131b339dff4d211e1f2084185583868f9fc3a8d9813e74bc1a1e
                                          • Opcode Fuzzy Hash: 289af1f54c679c8fb360a7b7f9bf8e380d69facaee369204308e7b1cbbff03c3
                                          • Instruction Fuzzy Hash: 53512971D056588BEB6CCF6B8D446CAFAF7AFC9300F14C1FA954DA6254DB700AC58E41
                                          Function 04ED64A8 Relevance: .1, Instructions: 122COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bb13c4db165f09da2c719c7495becc0281c74afeb729fc541ec7173f9c7b2fbc
                                          • Instruction ID: b2086a02aab26d1bd8aa05463da3e93e9446dc1d5d46a78bd51f4724ddaf8b20
                                          • Opcode Fuzzy Hash: bb13c4db165f09da2c719c7495becc0281c74afeb729fc541ec7173f9c7b2fbc
                                          • Instruction Fuzzy Hash: C34157B5E016199BDB18CFABC94069EFBF3BFC8300F14C16AD958AB254EB3059468F54
                                          Function 023A10B5 Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2126059143.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_23a0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 45cbd1ee10d8764b7f730b025c8ee1161a7dec4645118cf047c4b5762d03dd10
                                          • Instruction ID: 00b1ac940d16952d5b4797e47d74285a489ca1db834af158abfbb74db6ff8ce2
                                          • Opcode Fuzzy Hash: 45cbd1ee10d8764b7f730b025c8ee1161a7dec4645118cf047c4b5762d03dd10
                                          • Instruction Fuzzy Hash: 0E4100B0E043488FDB20CFA9C895AAEBBF1FB09304F209129E819BB751D7759845CF85
                                          Function 023A10C0 Relevance: .1, Instructions: 117COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2126059143.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_23a0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dbe175aec2bfc515c5bb80d61af82f62186c45074d5a7fab702a0258ce377b79
                                          • Instruction ID: 3b4ac5727551375f700a0a72afa2725f8e56fe33b463e164e455251ea630d32e
                                          • Opcode Fuzzy Hash: dbe175aec2bfc515c5bb80d61af82f62186c45074d5a7fab702a0258ce377b79
                                          • Instruction Fuzzy Hash: 6D41E0B0E043488FDB24CFA9D895AAEBBF1FB09304F209129E815B7751D7759885CF45
                                          Function 04F675C8 Relevance: .1, Instructions: 111COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134867066.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f60000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 721f52d1ac01e6ae83350789e7e5bdf904c0755eafd449ddde4aa1189c0e6ce0
                                          • Instruction ID: d06f6334dbd434d222a3865e9f47942e9a1cb7a6876ff07a589bacf5064a5ffd
                                          • Opcode Fuzzy Hash: 721f52d1ac01e6ae83350789e7e5bdf904c0755eafd449ddde4aa1189c0e6ce0
                                          • Instruction Fuzzy Hash: 01412775E05208CFDB40EFA9D448AADBBF2FF49314F109025E40AB7294E734A986DF05
                                          Function 051D0040 Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f7fde244dd74839cd342685b6555e1b37675664a27952e6b1385906cac42edd
                                          • Instruction ID: 1a4f7c174b1c07bc089ace4fb9be89570242fc2b52194c7ccbda33bc786434a7
                                          • Opcode Fuzzy Hash: 9f7fde244dd74839cd342685b6555e1b37675664a27952e6b1385906cac42edd
                                          • Instruction Fuzzy Hash: 4C411970E08628DBDB28CF6AD948699BAF6FF89300F14C1EAD409A7254E7744AC5CF01
                                          Function 04B90868 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e13e354e31ba20fba7a34e0a32b2fcbbc480da419824b1f71ac5ceb1764776d7
                                          • Instruction ID: 2ec82d0cdf5d291b72a4ec5df3b63c2d4fc19084276586f5da1b894138f0c8dd
                                          • Opcode Fuzzy Hash: e13e354e31ba20fba7a34e0a32b2fcbbc480da419824b1f71ac5ceb1764776d7
                                          • Instruction Fuzzy Hash: 8C4195B1D056188BEB58DF6AC99878DFBF6BF88304F04C1A9D40CA7264EB741A85CF40
                                          Function 04ED0040 Relevance: .1, Instructions: 82COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8baac6c60e39f459ea90badbee84afab907cacfd6ee80204e9545f92811fd477
                                          • Instruction ID: 7448d8439dbe83491cb3310d715823f5581a1f63f2010c293e9a5c909c843071
                                          • Opcode Fuzzy Hash: 8baac6c60e39f459ea90badbee84afab907cacfd6ee80204e9545f92811fd477
                                          • Instruction Fuzzy Hash: E4318B71E056188BEB1DCF6B9840699FAFBBFC9304F04D1FA954CA6254DB741A828F00
                                          Function 04ED001F Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2134244729.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4ed0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe7a062e67321715e0e834faa0db42611f2d75189bcd095e3a9f536e0cef5c58
                                          • Instruction ID: ec6ae857bdba3c00a648e3b34fb542a9e7c1985cbeed778b63dceb5721666c68
                                          • Opcode Fuzzy Hash: fe7a062e67321715e0e834faa0db42611f2d75189bcd095e3a9f536e0cef5c58
                                          • Instruction Fuzzy Hash: 6A31BCB1E056148FEB1DCF6B9940699FBF7AFC9204F08D1FA994CA6255EB740A428F00
                                          Function 051D0006 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c72553022a33d406d4dd7b98369f00bf6d6c184d8d48b16cb6de1f073fc87540
                                          • Instruction ID: e9b7d71a3e13467d5ceddd54ae6c89d5f50e68af06a74c7d6a599ac4ff696ed4
                                          • Opcode Fuzzy Hash: c72553022a33d406d4dd7b98369f00bf6d6c184d8d48b16cb6de1f073fc87540
                                          • Instruction Fuzzy Hash: B8315E71D097549BE719CF6ACD58689FFF7AFC9300F08C0EAD408A6266E77409858F21
                                          Function 04F8F948 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5fe7d982a2fff6a7ce36d72654bcd19562af678ce2fcf979d690a193e8fbd3ea
                                          • Instruction ID: f8484c0a3d88acccb6d122fb4241e2e54da6010b0b55b021a6e9b47ad33faddd
                                          • Opcode Fuzzy Hash: 5fe7d982a2fff6a7ce36d72654bcd19562af678ce2fcf979d690a193e8fbd3ea
                                          • Instruction Fuzzy Hash: 3121DEB5D102189FDB10DFAAD981ADEBBF5BB49320F24901AE815B7310C735A905CFA5
                                          Function 04F8F950 Relevance: .1, Instructions: 66COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135019504.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4f80000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ee8179c2efc5f65a8b8c36674c1657a2597c22eb0925e0901afea178fe47ea6
                                          • Instruction ID: fda185b6914f1a93f91161faa22a5fa62d350e06c40cfa091a404047208bc879
                                          • Opcode Fuzzy Hash: 1ee8179c2efc5f65a8b8c36674c1657a2597c22eb0925e0901afea178fe47ea6
                                          • Instruction Fuzzy Hash: AF21DEB5D102089FCB10DFA9D981ADEBBF4AB49320F20901AE815B7210C735A905CFA5
                                          Function 04B90858 Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8ce551b2a68293923c109b41c4b8587a62e394798a0e69b147c8cdf6a5cd7b4
                                          • Instruction ID: 1524d40cf5a439e86bfe5330fc41d90f4e51ac3634edcec5982b92448453f453
                                          • Opcode Fuzzy Hash: f8ce551b2a68293923c109b41c4b8587a62e394798a0e69b147c8cdf6a5cd7b4
                                          • Instruction Fuzzy Hash: 9B3145B1D016189BEB58CF6BC95938EFAF7BFC9304F14C1A9C40CAA264EB7519858F50
                                          Function 04B9C505 Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a1480784d93dde184820d16e5486d0d64e640c8a54e68b13beb005f3d056ee3b
                                          • Instruction ID: 1d100293b0759dbd8f9ce78e147931e199b9e37074774fb582646546ff82c681
                                          • Opcode Fuzzy Hash: a1480784d93dde184820d16e5486d0d64e640c8a54e68b13beb005f3d056ee3b
                                          • Instruction Fuzzy Hash: C321C9B1E046588BEB58CF6BCD042CEBAF7AFC9300F54C0BAD809AA224DB3119458F51
                                          Function 04B9C520 Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a8152a8f9054a293d158db366ef505773d1445f4e1179d742723df5faf509a8f
                                          • Instruction ID: ad3544abfe85fca14f3c690253e597c0030a2c7d76131784fc0fea426eaff1e0
                                          • Opcode Fuzzy Hash: a8152a8f9054a293d158db366ef505773d1445f4e1179d742723df5faf509a8f
                                          • Instruction Fuzzy Hash: 9D21C771E046588BEB58CF6BCC446DEFAF7AFC9300F44C1BA9809AA214EB3419858F50
                                          Function 04B90829 Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2133282036.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4b90000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 294c28072e88b7f195be47367bdc80a72d02c69d0dd2312d375865a0b472194c
                                          • Instruction ID: 66bb474a53467802cfa854234367bd5b0df2f01f671cc386c0e5e8b26b32c44d
                                          • Opcode Fuzzy Hash: 294c28072e88b7f195be47367bdc80a72d02c69d0dd2312d375865a0b472194c
                                          • Instruction Fuzzy Hash: 19F05E7AD0A25C9FCB10DBE8E450ADDFBF0EF56324F18549AD45563221C271A809CF14
                                          Function 051EA9B8 Relevance: 5.1, Strings: 4, Instructions: 139COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2135776231.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_51d0000_IoIB9gQ6OQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "$&$+$\ssq
                                          • API String ID: 0-3733090263
                                          • Opcode ID: 0b2f78cfbe1d00ed773868c4e581af7c0156f6c4b5032d44e844db80b8ba5615
                                          • Instruction ID: 8e894dfdf3f051da9b6dd5cc46c1ef1393d707566124744e03eba075f81451ea
                                          • Opcode Fuzzy Hash: 0b2f78cfbe1d00ed773868c4e581af7c0156f6c4b5032d44e844db80b8ba5615
                                          • Instruction Fuzzy Hash: 6061D4B4D05628DFDB64DF65D988BEDBBB2BF89300F0085AAD40AB7250DB745A84DF40

                                          Executed Functions

                                          Function 00D86DF8 Relevance: .3, Instructions: 281COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27419157ea4fd853373f8e76b0f8f1398577fb7069b2da0e0cbfa97c63036a36
                                          • Instruction ID: bc35e9e265b04dcc812968eff390f2f8b9b406dc6d57ef0cdbd10c992cbe3ddf
                                          • Opcode Fuzzy Hash: 27419157ea4fd853373f8e76b0f8f1398577fb7069b2da0e0cbfa97c63036a36
                                          • Instruction Fuzzy Hash: A3B15070E042098FDF10DFA9D9857EDBBF2AF88714F288129E415E7254EB74D845CBA1
                                          Function 00D876C8 Relevance: .3, Instructions: 266COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 976ed1d89e7de70e48d4f01ab112cc9b27be565fe3315ea95712dc2c17ea9236
                                          • Instruction ID: 7bb391845cf66bf33c8dfdf1978ebbf8f0547a108297186c6123073583cec6b9
                                          • Opcode Fuzzy Hash: 976ed1d89e7de70e48d4f01ab112cc9b27be565fe3315ea95712dc2c17ea9236
                                          • Instruction Fuzzy Hash: 64B17E70E042098FDF10EFA9C98579DBBF2AF88714F288129D415E7294EB74D845CFA1
                                          Function 00D82F88 Relevance: 1.6, Strings: 1, Instructions: 313COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TJxq
                                          • API String ID: 0-3636657579
                                          • Opcode ID: dbcb523fed34f8ca429383c5622824f50922c5f60fcae213626da8285a7bf883
                                          • Instruction ID: a56d887d0b9a48a54c7d4afedc73557f19374fd1dd67901cec04c961148b2c62
                                          • Opcode Fuzzy Hash: dbcb523fed34f8ca429383c5622824f50922c5f60fcae213626da8285a7bf883
                                          • Instruction Fuzzy Hash: B3D11B74B006158FCB54EFB8C598A6DBBF2AF89700F258168E40AEB365DB70ED45CB50
                                          Function 00D820AD Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: asq
                                          • API String ID: 0-3950230186
                                          • Opcode ID: b6201bf27b98b75375ee9cb356b4357d155ff7399aa563626bdd7dbe724fe181
                                          • Instruction ID: 6e3c54d206376e89938275824f4efe02c9e3db553199e8c85dbdec0d6d8fa556
                                          • Opcode Fuzzy Hash: b6201bf27b98b75375ee9cb356b4357d155ff7399aa563626bdd7dbe724fe181
                                          • Instruction Fuzzy Hash: 1851E3707042409FCB18FB68D49477D77E2FB96310F208A69D0428B3A9DF34DD469BA1
                                          Function 00D8A870 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 4f466f5915d835805a101f91617178256592f7df7d4a57433956c6e22b4643b3
                                          • Instruction ID: f105b89277c817c73b281dce33cee38338460c6c802df4cdc68d68d94f1a7190
                                          • Opcode Fuzzy Hash: 4f466f5915d835805a101f91617178256592f7df7d4a57433956c6e22b4643b3
                                          • Instruction Fuzzy Hash: 8C31C470B04105DFDB04EB68C455B6DBBB1EF88710F24405AE5029B3A2CE719D41DBB2
                                          Function 00D8B29C Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: xwq
                                          • API String ID: 0-870114069
                                          • Opcode ID: c516cb324b2378d3c839a45bd76e14737e7ae6f1271633b7fef96faecf51a480
                                          • Instruction ID: 54ac68b374bf29ea544635d10f64ef0a1e8abd2b2872e4718574e258d37df2f8
                                          • Opcode Fuzzy Hash: c516cb324b2378d3c839a45bd76e14737e7ae6f1271633b7fef96faecf51a480
                                          • Instruction Fuzzy Hash: AF319C742146008FD729FF58E85472A37A1BB89324F24956AD4828B765CB30EC42DFA1
                                          Function 00D8B371 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: xwq
                                          • API String ID: 0-870114069
                                          • Opcode ID: de5975b0e6b18caca4cec3cad8d7b624d227d59c2d56ea651d67d14b6b1d9a2f
                                          • Instruction ID: f40fda4538703f5edfc45f27ff7fce6d7e09d85b39d97b00ff22970b6b764618
                                          • Opcode Fuzzy Hash: de5975b0e6b18caca4cec3cad8d7b624d227d59c2d56ea651d67d14b6b1d9a2f
                                          • Instruction Fuzzy Hash: 9A31AD34214204DFDB28EF58E85872937A0FB4A324F24A56BD4818F775C771E886DFA1
                                          Function 00D81F68 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: asq
                                          • API String ID: 0-3950230186
                                          • Opcode ID: 1c678717116826e67cdc892745cefa052db2a0c533c39405ef339c526f7cb2f9
                                          • Instruction ID: 309b0b85bd599a8fb181b46c04d476f88ee06f233b6e09dc7445e6960857d815
                                          • Opcode Fuzzy Hash: 1c678717116826e67cdc892745cefa052db2a0c533c39405ef339c526f7cb2f9
                                          • Instruction Fuzzy Hash: FE21D3707002049FD704AB78C885B6E7AE7EF96700F208929E102DF3A5DFB4ED499B91
                                          Function 00D8A9C8 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 82d88a80c0d82fc78d4ac13a33262ef86f44bead9ce0cb5e7a6660a07a977e22
                                          • Instruction ID: f704c3257d4f00e0de00179a1e7a760f8880ca96bd4192ff7dd0618a11cfef08
                                          • Opcode Fuzzy Hash: 82d88a80c0d82fc78d4ac13a33262ef86f44bead9ce0cb5e7a6660a07a977e22
                                          • Instruction Fuzzy Hash: 7231BC74604601CFE728EF6DD846B6A77B2EF05310F21815AE0529B3A5CBB1EC81DF62
                                          Function 00D811D4 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: dLyq
                                          • API String ID: 0-897534201
                                          • Opcode ID: 83f900197d7ea9e1ddcfe9ec50da79d2a23032bc6500a717d46e906034694119
                                          • Instruction ID: 953d1341f29374f917451dcec815a96ca80e6661822931badd8462123f939216
                                          • Opcode Fuzzy Hash: 83f900197d7ea9e1ddcfe9ec50da79d2a23032bc6500a717d46e906034694119
                                          • Instruction Fuzzy Hash: EE319F74A042049FCB14DF69D499B9DBBF2FF89304F2485A9E402EB3A1CB709D49CB91
                                          Function 00D8A2C8 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: c8778919d17091ba7c97a7845da74ae8ba962faa091cc32ee48be837d91fe666
                                          • Instruction ID: 6a0a553d06afeca026f1829cea5fa0301a7bd054e90d2feba3dd644e08246b32
                                          • Opcode Fuzzy Hash: c8778919d17091ba7c97a7845da74ae8ba962faa091cc32ee48be837d91fe666
                                          • Instruction Fuzzy Hash: 5A217F307105148FEB14ABADC458B6DB7E6AF88711F24415AE502DB3A1CF71DC00DBA6
                                          Function 00D84428 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: |
                                          • API String ID: 0-2343686810
                                          • Opcode ID: 7391fb07894d2fcaefdc7acffa39b4dd1e774550a61369135ea0c3d371d8f395
                                          • Instruction ID: dc6f13f45cc4dc411dfd3cc840d86cee9a7d490fdb99c3879e0caa62e71e5bfc
                                          • Opcode Fuzzy Hash: 7391fb07894d2fcaefdc7acffa39b4dd1e774550a61369135ea0c3d371d8f395
                                          • Instruction Fuzzy Hash: DF11AF75B002159FCB44EB78D8057AE7BF1AF4C710F104469E506D7394DB74A900DB90
                                          Function 00D8A880 Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: d284c7640a9c69ce244718bb5603adb6ee0dfee1feaf3f23f715882273cdbd59
                                          • Instruction ID: b46b99dee37729fefa6816da2018a91c3d1c34bcced1947205fa63e9392f2008
                                          • Opcode Fuzzy Hash: d284c7640a9c69ce244718bb5603adb6ee0dfee1feaf3f23f715882273cdbd59
                                          • Instruction Fuzzy Hash: 39115170B14105DFEB04BB6DC454B6EBBB6EF88710F65405AE503AB3A5CA719C41CBB2
                                          Function 00D82033 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: asq
                                          • API String ID: 0-3950230186
                                          • Opcode ID: 3c51692aa8836d1f8d98fd4fea59d5839ebb91519be09eb4b2a21feaba8a6f5e
                                          • Instruction ID: e0ed48876d79a7e0320e88a23b5c3ce037b122b9e2e86cf752946cf5992aec35
                                          • Opcode Fuzzy Hash: 3c51692aa8836d1f8d98fd4fea59d5839ebb91519be09eb4b2a21feaba8a6f5e
                                          • Instruction Fuzzy Hash: 1011BEB07002049FC704AF78D885B6E7BE2EF96300F208869E106DF3A6DE74DD499B91
                                          Function 00D8BA88 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 31b821f32ceddf7e0aba4a6c6b6cb499ea4334f1f457081307a4270984a46547
                                          • Instruction ID: 55be35647556b6e181daea066ae95c0ec2a7ba576fbe5c3a6fb8e3977633ef6f
                                          • Opcode Fuzzy Hash: 31b821f32ceddf7e0aba4a6c6b6cb499ea4334f1f457081307a4270984a46547
                                          • Instruction Fuzzy Hash: A711E2747141008FC715AB28C859BBEBBE2AF88720F2505AAE452D73A1CFB09D05CBA1
                                          Function 00D8A391 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 9c48963d25e02b9521b78df348f5473eb9ec8af2be8472f01cb07c7800319d3b
                                          • Instruction ID: 8a8130f80d20af3f5b29300a31db1567aee1be74c7bb11770f8d7d97e9cac95e
                                          • Opcode Fuzzy Hash: 9c48963d25e02b9521b78df348f5473eb9ec8af2be8472f01cb07c7800319d3b
                                          • Instruction Fuzzy Hash: 001134707505108FEB04ABACC858B6DBBA2BF88701F24805AE502DB3A1CB75CC00DB66
                                          Function 00D812EF Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 4de2ccc1f9f936269b5ac8d4374123c0bb7c2eeb87a684368f4fadf8539e225f
                                          • Instruction ID: 8bd2f8832733a2ae3e618b81a20b49b4e85351acd069167c097374585a7feccc
                                          • Opcode Fuzzy Hash: 4de2ccc1f9f936269b5ac8d4374123c0bb7c2eeb87a684368f4fadf8539e225f
                                          • Instruction Fuzzy Hash: 9A1165347240108FC748EB6DC058A6D7BF6AF89B10F2241A9E446DF775CB71DC069B90
                                          Function 00D8A974 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 30ad5c36aa26dfa6d504d076ec26a69ebf44f274b9936452736dda3e043c07a8
                                          • Instruction ID: 18f1b7b02bd6cb95b6f31b8a2163b55083aed2e27dcbfc664c0eb76cc20c682e
                                          • Opcode Fuzzy Hash: 30ad5c36aa26dfa6d504d076ec26a69ebf44f274b9936452736dda3e043c07a8
                                          • Instruction Fuzzy Hash: 09112A74744501CFEB04AB29C494B6DBBB2AF88710F65405AE5029B3A2CA71DD42CB72
                                          Function 00D89DD8 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LRsq
                                          • API String ID: 0-3165563352
                                          • Opcode ID: d03bf3a5506fd76f12d034e36f1068cd64d19f2eecccffffd77294c3ca1647d6
                                          • Instruction ID: 35e22950bdf8862518662f257646e631c23146b5dfad38f53e83d1235cc6f6d1
                                          • Opcode Fuzzy Hash: d03bf3a5506fd76f12d034e36f1068cd64d19f2eecccffffd77294c3ca1647d6
                                          • Instruction Fuzzy Hash: 7901A771B001159FCB05FB6889126BDB7F5EB89700F184099F589DB255E6309E018BE0
                                          Function 00D8B3C2 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: xwq
                                          • API String ID: 0-870114069
                                          • Opcode ID: 830a6c4c557abbb1324f926d37a1335b51d44d64bd648f70e0cacf7d07e978da
                                          • Instruction ID: 8c508765d990b06065cb761efd2bc3e0bb2f59d67a6dadc570628519179da81f
                                          • Opcode Fuzzy Hash: 830a6c4c557abbb1324f926d37a1335b51d44d64bd648f70e0cacf7d07e978da
                                          • Instruction Fuzzy Hash: 1F11CB70214204CFDB18EF58E84072A3BA1FB8A328F24856ED0814B765DB71EC429FA1
                                          Function 00D8BB2A Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 53c50ba85bfb09ba76c4a1c648bebdaa32afd720e32682462f6c1268d331d0e7
                                          • Instruction ID: 51900a644fc090f2d5c5ce7d451560d00309856a26706de0a915e7fdc4300602
                                          • Opcode Fuzzy Hash: 53c50ba85bfb09ba76c4a1c648bebdaa32afd720e32682462f6c1268d331d0e7
                                          • Instruction Fuzzy Hash: 58017874750100CFCB04AF68C459B7DBAE2BB48721F31005AE012DB3A4CFB0AD01DBA1
                                          Function 00D89D87 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LRsq
                                          • API String ID: 0-3165563352
                                          • Opcode ID: 74c5109bd1b34b1d26e98e599009cc50e6113c0e88643f089d6e726701bb8fcb
                                          • Instruction ID: 5bfb93a8d2e20e0c5e158750d18fb3fde5b9bf4259c5b28e042f07b1ea0720d1
                                          • Opcode Fuzzy Hash: 74c5109bd1b34b1d26e98e599009cc50e6113c0e88643f089d6e726701bb8fcb
                                          • Instruction Fuzzy Hash: A5F027717000008BE706F624C833BBEB2A6EBC5700F6C0098F5CADB3A9EA11DD0297B0
                                          Function 00D8269B Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: xwq
                                          • API String ID: 0-870114069
                                          • Opcode ID: 373dcd08f38b785da7c931a4896188997d4a71589c28e63a2bba6ff76415813a
                                          • Instruction ID: c665ef823b96402cac26f9f897499e08938df763bd140359cae829c4b1bef87e
                                          • Opcode Fuzzy Hash: 373dcd08f38b785da7c931a4896188997d4a71589c28e63a2bba6ff76415813a
                                          • Instruction Fuzzy Hash: 2CF08275701104AFDB09EF58E981B59BBB6FF89318B258069E5049B325DB32FE06CF90
                                          Function 00D8B391 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: xwq
                                          • API String ID: 0-870114069
                                          • Opcode ID: a43019ad1000984a71d142c2c481588a35d8d9e7376c45deeaeda168e62c5525
                                          • Instruction ID: 9477d27a333c3c8620fa8dcfa888f93e16a5197b86a7fed44db14f095accb397
                                          • Opcode Fuzzy Hash: a43019ad1000984a71d142c2c481588a35d8d9e7376c45deeaeda168e62c5525
                                          • Instruction Fuzzy Hash: 39F09AB06042109FDB0ADF18D841B597BB1FF4A318B2580AAE0419F362CB32ED06CFA0
                                          Function 00D824FA Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: asq
                                          • API String ID: 0-3950230186
                                          • Opcode ID: 5003900755f5e7972eb2e2f977e9920e33fbc677d6da8ba6a1148a685fb0764f
                                          • Instruction ID: 5fff459f5f92c3cf8161129558cf5567edc2557383c8fd03ab312528134e6ff5
                                          • Opcode Fuzzy Hash: 5003900755f5e7972eb2e2f977e9920e33fbc677d6da8ba6a1148a685fb0764f
                                          • Instruction Fuzzy Hash: 9DF0AE74100700D7D315FB19D44175D76E2EB81700F14D929E102DF795CFB5AA499B91
                                          Function 00D80B7C Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: a937c8bbda930021bfd513f24a1b02bbf90326eeb28e0d70e02848f8598f11f3
                                          • Instruction ID: 80b4904d6941d9dd1266ab11331b4bd7866d1e9cb5e1a75666a38287751eaa39
                                          • Opcode Fuzzy Hash: a937c8bbda930021bfd513f24a1b02bbf90326eeb28e0d70e02848f8598f11f3
                                          • Instruction Fuzzy Hash: 56E04F70A09148EFCB58EFB4D5825ADBFF1BB81308B2049DDE04AE7651DA316E18AB41
                                          Function 00D80B80 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 9ea771a13124c3fe3ec03d737bed6b69ccf51e52438e549a314140904178e174
                                          • Instruction ID: 3b0cca3a6b00f0085095edef92750f422f530f9407caef36da310fa253f5359e
                                          • Opcode Fuzzy Hash: 9ea771a13124c3fe3ec03d737bed6b69ccf51e52438e549a314140904178e174
                                          • Instruction Fuzzy Hash: 9AE08C70A0514CEFCB48EFB4D9425ACBBF5FB41208B2048E8E009D7200EA31AF04BB91
                                          Function 00D86DEC Relevance: .3, Instructions: 276COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f89f49214307e3700434dbf23531314a22f3e50ef1d93b7f02bcce7d4be09415
                                          • Instruction ID: 487d74c1b84afaea418a4f4c3d1b9e3cb83f149f8bb215f9bbfd1610b8e3abfd
                                          • Opcode Fuzzy Hash: f89f49214307e3700434dbf23531314a22f3e50ef1d93b7f02bcce7d4be09415
                                          • Instruction Fuzzy Hash: CCB13C70E04209CFDF10DFA9D9857DEBBF2AF48714F288129E415AB294EB74D845CBA1
                                          Function 00D876BC Relevance: .3, Instructions: 264COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f11a9a7ff5333a87d8b69bbdaa318d8f1a49083c0f639a2c046593a1af58434
                                          • Instruction ID: d6605e278495a0a60eb76c20244b94d2132d2e8e81f63e50daac31bfdacb5d82
                                          • Opcode Fuzzy Hash: 8f11a9a7ff5333a87d8b69bbdaa318d8f1a49083c0f639a2c046593a1af58434
                                          • Instruction Fuzzy Hash: 3AB16C70E082098FDB10EFA8C98579DBBF1BF48714F288129E815E7254EB74D845CFA1
                                          Function 00D83B52 Relevance: .2, Instructions: 225COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9b9ab21f0da5453533d7793a9142f6ba36cc4e736ba1ee7d47a017b2990dbec
                                          • Instruction ID: 85a87b9fe4a21ef70e6c63e6e5f0f5d13803149393bdcfcd00ea3f2bf8c5a028
                                          • Opcode Fuzzy Hash: b9b9ab21f0da5453533d7793a9142f6ba36cc4e736ba1ee7d47a017b2990dbec
                                          • Instruction Fuzzy Hash: 5C911B347106118FCB19AF75E56962E3BF2FB893057205929E906877A8DF36AC52CF80
                                          Function 00D83B68 Relevance: .2, Instructions: 219COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b1797575f289e5dd47dedfa367c85ac341db9fa56a14106b98313446771fe461
                                          • Instruction ID: 7cf6812403c380d97fc5771d86e11e547175afe3f9f10d2eeb00d826a1c2093b
                                          • Opcode Fuzzy Hash: b1797575f289e5dd47dedfa367c85ac341db9fa56a14106b98313446771fe461
                                          • Instruction Fuzzy Hash: A2910A347106118FCB19EF75E56962E3BF2FB893057205928D90A877A8DF35AC52DF80
                                          Function 00D80E65 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c84f6162edd48bb278209ed77b6d6c813b12d16c7956ead67cbf6152d143de93
                                          • Instruction ID: 13827aa71220d3d2113eb4afd5338e24e0ad6f3e3ca5b7afcd75a5c36a651f34
                                          • Opcode Fuzzy Hash: c84f6162edd48bb278209ed77b6d6c813b12d16c7956ead67cbf6152d143de93
                                          • Instruction Fuzzy Hash: 7D512D78A11901DFCB8AEF68E48466D7BB2FB843107645859E4419B329EB34BC8ADF41
                                          Function 00D8A5AC Relevance: .1, Instructions: 134COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4eba83eb7b01756645f4f5a404b1f9b43b2fa8c1e9505bcd9339d1a68aa1b41a
                                          • Instruction ID: 96ed8af36d63ed36fc782974c32148b658b9892ae3c02dd7e9697ab8b2cd35c6
                                          • Opcode Fuzzy Hash: 4eba83eb7b01756645f4f5a404b1f9b43b2fa8c1e9505bcd9339d1a68aa1b41a
                                          • Instruction Fuzzy Hash: 8A51E335600601DFDB04EF68C885A69BBB2FF44311F1984A6E452AF3A6DB35EC41DB61
                                          Function 00D84900 Relevance: .1, Instructions: 124COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7bec728154e5d80af84e6b2c06497456400411d07d24465c6b5a2c1394368602
                                          • Instruction ID: 69ca8da12490e9adc5e56b9273d9c5c51f6a485f978a1d9b026ad902fa37238a
                                          • Opcode Fuzzy Hash: 7bec728154e5d80af84e6b2c06497456400411d07d24465c6b5a2c1394368602
                                          • Instruction Fuzzy Hash: ED41B271A042448FCB28EB79D4546AEBBE6EFC9314F14842DD11A97340CF349D029B95
                                          Function 00D80D4B Relevance: .1, Instructions: 123COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a0fb403b34f60623eff2fa73ddf74df6f4b1e5907f358fadeafe51c7729c8d06
                                          • Instruction ID: faa8a618bd2fcde992e4a53c6b3bf368fc40e486b9a8b79c10c8bfcc9701e561
                                          • Opcode Fuzzy Hash: a0fb403b34f60623eff2fa73ddf74df6f4b1e5907f358fadeafe51c7729c8d06
                                          • Instruction Fuzzy Hash: 79511E78A01505CFCB8AEF68E48466D7BF2FF883107645859E4419B329EB34BC8ADF41
                                          Function 00D8137E Relevance: .1, Instructions: 118COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 860b420d117c9602ef3819359f58c1bb814a969b4d66db605f3d8d6ad36f9893
                                          • Instruction ID: e2ae5d1d9309957e39712bfe534e1720dd3d533c86ea7a14a99d280eabbc86d3
                                          • Opcode Fuzzy Hash: 860b420d117c9602ef3819359f58c1bb814a969b4d66db605f3d8d6ad36f9893
                                          • Instruction Fuzzy Hash: EB41F8386001049FD714EB68D598BADBBF6FF88710F258059E406EB3A1CB74DD46CBA1
                                          Function 00D83EDF Relevance: .1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 522d70d9e6687cb9e24a25a308e72a818af94f0442e2ae3c57e0ab554c5d1da0
                                          • Instruction ID: 3ca245e67eae4965a3dda25d0b1ebcf8f8e6a305eff2f9d50ee87b7b42d4a33f
                                          • Opcode Fuzzy Hash: 522d70d9e6687cb9e24a25a308e72a818af94f0442e2ae3c57e0ab554c5d1da0
                                          • Instruction Fuzzy Hash: FA31BA32B042058FCB11DF68E4846AEB7F2FF88315B1984B9E509D7611DB30EE02CBA0
                                          Function 00D817C7 Relevance: .1, Instructions: 97COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c1278cdf9e4018808d1eab4670aeeb80f16803ec8c9abb0bf904c1c265fdae9
                                          • Instruction ID: 6635573f907403050b0a7d9f347c4c4e0caa16aead0319be7876171b6acae7a9
                                          • Opcode Fuzzy Hash: 2c1278cdf9e4018808d1eab4670aeeb80f16803ec8c9abb0bf904c1c265fdae9
                                          • Instruction Fuzzy Hash: 4C31D078B00256CFCB05AB78C85067E77F6AB89300F24846DD0468B3A5DA34DC4ADBA0
                                          Function 00D82F87 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 172580a6f37eaa563ce8e544be7b7ccc22059d977b2e68d76cb95ff5da1fa87c
                                          • Instruction ID: cb7d9de4265289e8a34763452bb356a8b056315c99f1970485e2ba2a2f6fa9c3
                                          • Opcode Fuzzy Hash: 172580a6f37eaa563ce8e544be7b7ccc22059d977b2e68d76cb95ff5da1fa87c
                                          • Instruction Fuzzy Hash: 2F316F74A012548FCB05EFB8C558AAEBBF2AF89700F258469D40AEB365DB31ED05CB50
                                          Function 00D8530E Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a7dd82535853fac42fa8bf6fb6c22c34ac763b4767c154d2d98b50952c0385d
                                          • Instruction ID: 3b20c449ee3e493bca5e3a7f4d79dc62c3efd70b1b56308c2a0c53aeb2e4c328
                                          • Opcode Fuzzy Hash: 5a7dd82535853fac42fa8bf6fb6c22c34ac763b4767c154d2d98b50952c0385d
                                          • Instruction Fuzzy Hash: 11410FB0D0070DDFDB10DFA9C981ADEBFB5EF48310F248029E419AB254DB75A949CBA0
                                          Function 00D85318 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54269e095ba67e1af301309922d90c4c1164439ee9eadde923cb981ca8b62206
                                          • Instruction ID: 5a6b009b7f79aa3d3f133e058940027aaa2bd16b342af78fc8432e9e32438a00
                                          • Opcode Fuzzy Hash: 54269e095ba67e1af301309922d90c4c1164439ee9eadde923cb981ca8b62206
                                          • Instruction Fuzzy Hash: 6841EEB0D00749DFDB10DF99D984A9EBFB5EF48310F248029E419AB254DB75A945CB90
                                          Function 00D8A6E8 Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c6b34fafce91bd17a93066d2151a6666584f93ee858c4553780db2a5244a429c
                                          • Instruction ID: 0dc002bf0f3bd7ecd0adc3a2b21d9928eda390ce8a7052af663e57fc489103c3
                                          • Opcode Fuzzy Hash: c6b34fafce91bd17a93066d2151a6666584f93ee858c4553780db2a5244a429c
                                          • Instruction Fuzzy Hash: 1E315E39350500CFE714AF2CC898A2977A6FF89711B2680A6F5038F7B6DA35DC41EB51
                                          Function 00D82419 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea4bb8f4ddaee4838f54cfd98dd5a1489d040e9869a40058ea90db12d9681cdf
                                          • Instruction ID: b3b69ac12fb8a75c319738018d1605f0d3238d8e2fe81e041c66e1ae765a65b0
                                          • Opcode Fuzzy Hash: ea4bb8f4ddaee4838f54cfd98dd5a1489d040e9869a40058ea90db12d9681cdf
                                          • Instruction Fuzzy Hash: DD319174610200CFE718FB69D85472E36E2BF84304F24866CD5528F3A5DBB59886DBA1
                                          Function 00D80D08 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6f8759476e4e8068991c7319cd90d578f797dc558aab070b203b3f8f6523103
                                          • Instruction ID: 6a5d710e84959659b833760cdf97a565223cc7fc624e1b9e890c2ef90083c857
                                          • Opcode Fuzzy Hash: f6f8759476e4e8068991c7319cd90d578f797dc558aab070b203b3f8f6523103
                                          • Instruction Fuzzy Hash: 73313C74A105059FCB9AFF28E44495E7BF2FF883107605859E4059B329EF30AC869F81
                                          Function 00D80D07 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7673e6000eae027cba255234721e7eee01912f9d1c3cf92675bf362011e3c764
                                          • Instruction ID: 860944948771a3e84e327091c264c5c7605e1238b1b61df55fa03863deb3b9f2
                                          • Opcode Fuzzy Hash: 7673e6000eae027cba255234721e7eee01912f9d1c3cf92675bf362011e3c764
                                          • Instruction Fuzzy Hash: 87313C74A105059FCB9AFF38E44496E7BF2FF883107605959E445AB329EB30AC869F81
                                          Function 00D8A0F0 Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6083aafc76b98d18be8bf8991de0c06f67a78069e41a80cee80e597ab1db0b7d
                                          • Instruction ID: ac5d693e1054ce636e819b620944a9aff104e93ae6ae0168ac1e189cdadcf4b6
                                          • Opcode Fuzzy Hash: 6083aafc76b98d18be8bf8991de0c06f67a78069e41a80cee80e597ab1db0b7d
                                          • Instruction Fuzzy Hash: BC21D330604214CBDB18FB78D8647AE7BF6EB88304F145429D442AB354DF359D82DBB2
                                          Function 00C1D1D8 Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3261680875.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_c1d000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 13a69cacd6323195e8290e7af8b25ed2240aebcd27b13c28c08a6749be23ad52
                                          • Instruction ID: 28dd74ef74edda878f99d9d6ec30802aa6d64b37cc6485370f1ee1298a5f708b
                                          • Opcode Fuzzy Hash: 13a69cacd6323195e8290e7af8b25ed2240aebcd27b13c28c08a6749be23ad52
                                          • Instruction Fuzzy Hash: 9D2106B1504200DFCB05CF54D9C0B66BF65FB88314F24C569ED1A0B246C336D896EBA1
                                          Function 00D8B6AB Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 149c859942f85d6fa361914db6bf0ca5cbdca9ca5a0772de24f9d93f3080f11a
                                          • Instruction ID: d8ddbaf40c0d181dc807f0a3a300d55428c355cc56c2b786c17b938ca4bd4030
                                          • Opcode Fuzzy Hash: 149c859942f85d6fa361914db6bf0ca5cbdca9ca5a0772de24f9d93f3080f11a
                                          • Instruction Fuzzy Hash: AF21B370304600DFC719FB38E46673D77E2EBC6334B104A6AE4468B359EB3199469BB1
                                          Function 00C1D4A0 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3261680875.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_c1d000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dba59906e93140bda99473eb846d5571b626112ce3665ac55dd108fb823e9eb9
                                          • Instruction ID: 9f98382d87e0458a3f691b0164a62a593a84a6c6428640d44d9d9840be74f54b
                                          • Opcode Fuzzy Hash: dba59906e93140bda99473eb846d5571b626112ce3665ac55dd108fb823e9eb9
                                          • Instruction Fuzzy Hash: AF2128B1504200DFDB15DF14D9C0B66BF66FB94318F24C569E90B0B256C336D896EBA2
                                          Function 00D823A5 Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3354caf87bef901a042e288a9e85758071cf298b983d4390b978ca2e305a062
                                          • Instruction ID: 1f4e8d509407979dea72f5882de2c1cbd00b0dd8dcd0858552273c45204c2d54
                                          • Opcode Fuzzy Hash: a3354caf87bef901a042e288a9e85758071cf298b983d4390b978ca2e305a062
                                          • Instruction Fuzzy Hash: 9831DC78614200CFD728EF69E81872D7BE1FF85314F248269D0928B3A5CB75D886DF61
                                          Function 00D815F0 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b22cbaf7bc3b5f602a93f1d8d71f9afa00a02585e3ee716b8bdd67ac6d8ad05
                                          • Instruction ID: 0bd2640baf158c00b492318fa41d23ae88d4fe01134544f728ea1612e3c157fb
                                          • Opcode Fuzzy Hash: 6b22cbaf7bc3b5f602a93f1d8d71f9afa00a02585e3ee716b8bdd67ac6d8ad05
                                          • Instruction Fuzzy Hash: FF11D3B1B042059FCB04ABF9485536EBAEAEFC9320B20442DD14AD3741EE348D0257E1
                                          Function 00D815EF Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 578a86d017cd61f474c874504f5e1b6bee9e5992ca9299ed22f826315c881b4e
                                          • Instruction ID: a0144c27f6cbb5a2ce1a743112ae4c35220ba22eef01c4a1e7859b656032ec03
                                          • Opcode Fuzzy Hash: 578a86d017cd61f474c874504f5e1b6bee9e5992ca9299ed22f826315c881b4e
                                          • Instruction Fuzzy Hash: E711B6B1F042059FCB44ABF9485536EBEEAEFC9360B20443DD14AD7745EE348D0697A1
                                          Function 00D80BE4 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: daac33adc7b361833b65470f255cbc599272bd5b31bedf1435003a337c09b805
                                          • Instruction ID: 7e2ba638db2c8979f3747e5e32941209975f290f8c35c0ac1725d544cada2474
                                          • Opcode Fuzzy Hash: daac33adc7b361833b65470f255cbc599272bd5b31bedf1435003a337c09b805
                                          • Instruction Fuzzy Hash: 0A215870A18A01CBDBE87F79D45837E3EA1BB44301F248629D483C66A4DA74D84DEF72
                                          Function 00D8B070 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 03c01c5c83941287c82ae21cf966a2d3148f50b58d4a022a1f1107500608624f
                                          • Instruction ID: 9e8d605e1a4dbed259c14fe6f883357648020e706bfe0b30ea062b8144fa5951
                                          • Opcode Fuzzy Hash: 03c01c5c83941287c82ae21cf966a2d3148f50b58d4a022a1f1107500608624f
                                          • Instruction Fuzzy Hash: 1511A7706042009BCB05FBB8D41156E7BE2EBC6360B508B79E01597386EF3199468BF5
                                          Function 00C1D1D3 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3261680875.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_c1d000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0198dffcca54c8a327979ca184e18e1179e26769679eb7287e54d642110c921c
                                          • Instruction ID: 22bedd2db0e78833f00670e5b9ffb2a5e4a11ebd20a5f22a4a7ccb60409ca778
                                          • Opcode Fuzzy Hash: 0198dffcca54c8a327979ca184e18e1179e26769679eb7287e54d642110c921c
                                          • Instruction Fuzzy Hash: 7D21E176504240CFCB16CF40D9C4B56BF72FB84314F24C2AADC190B656C33AD9AADBA1
                                          Function 00D81848 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 873fede3d4cd2ced8063dde7c1f6473198ff08a9dde432ec7e8cf563b6a6baad
                                          • Instruction ID: 5e7204a55543234804e5401c760c30b84f128ea8c124e5e5ec2169ba35464524
                                          • Opcode Fuzzy Hash: 873fede3d4cd2ced8063dde7c1f6473198ff08a9dde432ec7e8cf563b6a6baad
                                          • Instruction Fuzzy Hash: FA117C74B00205AFCB58FBBA984566ABBFAFF882547240479D40AD7314DA31DC46CBA0
                                          Function 00C1D49B Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3261680875.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_c1d000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                          • Instruction ID: f6c1f83119d767d959cd3b7a22a6118cf71122208042e7e157c1c88e674b2e6b
                                          • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                          • Instruction Fuzzy Hash: 101126B2404240CFCF12CF04D5C0B56BF72FB94324F24C2A9D90A0B256C33AD99ADBA2
                                          Function 00D8A54F Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc80d54e6bb347903cbfe4a5d27d5012a2b3301621a8b69e5ab6c7ae8767156c
                                          • Instruction ID: 7669615d17a2e259f8a17b91bad04f58435e9d103c9b6a4032e38a54a43b27b9
                                          • Opcode Fuzzy Hash: dc80d54e6bb347903cbfe4a5d27d5012a2b3301621a8b69e5ab6c7ae8767156c
                                          • Instruction Fuzzy Hash: 5811F1B0609398CFD312AF68A80A195BF70FF5B32171440EBE5419B5A6D7319C44EB76
                                          Function 00D81847 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8bd8a33e74aaf2eb1fbca853c979f7ebf7e405f6dd2fe04facb508c5b83df1dd
                                          • Instruction ID: 1e4d5930a61bb906376ab6aa93a9a5235119269a6399ab51dc1c996260248a1d
                                          • Opcode Fuzzy Hash: 8bd8a33e74aaf2eb1fbca853c979f7ebf7e405f6dd2fe04facb508c5b83df1dd
                                          • Instruction Fuzzy Hash: 20118B78A01201AFCB68EBB99845A6ABBF6EF882547240479D40AD7314DA31DC06CBA0
                                          Function 00D8B080 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4eb5def2cf47cfc1c159b69f07447094eca48ff7355174ffd9e8a60597e487cd
                                          • Instruction ID: 746cbd15a133d02aa91e77a387c6df63d09381f00de1a7578b2dde3288af9faa
                                          • Opcode Fuzzy Hash: 4eb5def2cf47cfc1c159b69f07447094eca48ff7355174ffd9e8a60597e487cd
                                          • Instruction Fuzzy Hash: 6F11A5707042048BCB05FB78D4516AE77E2EFC6350B508A79E00597385EF31AA469BF1
                                          Function 00D848F0 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49cc4d4fb42fc6c0ce0e6250b92cb922b4b1ed47c7c2b0467b4ae758766c1521
                                          • Instruction ID: a204ab2f9da4b29b94920d248fdc53029ee55fdb47d10e2d2ea7c0f203900364
                                          • Opcode Fuzzy Hash: 49cc4d4fb42fc6c0ce0e6250b92cb922b4b1ed47c7c2b0467b4ae758766c1521
                                          • Instruction Fuzzy Hash: 01017C313046008BCB29BA79D8912AE76D7EBC9755B14483DE00AD7745CE75DC42A7A2
                                          Function 00D80DC1 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62b75c3751bdc17279dced5a8b5aef1e2960361ce18d735c256904f8ede93a91
                                          • Instruction ID: f5aaa10dcc083ecd5ce474e6f0d18aaa65f03917e8394e1c1eed83cc99692385
                                          • Opcode Fuzzy Hash: 62b75c3751bdc17279dced5a8b5aef1e2960361ce18d735c256904f8ede93a91
                                          • Instruction Fuzzy Hash: AB015B74A017018FCB5AEB38C48475EBBE2AF88700B604D28E402AB355DF74AC4ADB51
                                          Function 00D8A6D2 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4dba70a7917ec7f6a4c51d93db726eaa8dad0d50b42e22acffb31cbe0adae739
                                          • Instruction ID: 93f75451de76e041362ea29488f2bfdcc549dcba9c92c701dfa9930436f8f042
                                          • Opcode Fuzzy Hash: 4dba70a7917ec7f6a4c51d93db726eaa8dad0d50b42e22acffb31cbe0adae739
                                          • Instruction Fuzzy Hash: F3014936309100DFE3006A1CCC45B247B66EB89721F2C80B7E0868B797D571CC01B322
                                          Function 00D89E60 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d9beb981c278996d0b4c32e8d61969d712a4f8be513cac70b0c822950706e43
                                          • Instruction ID: 9eaf6a4a9a10a48f6476f2d95cb0cdc397c7a00515dcba69350e8f4dfdb4eb32
                                          • Opcode Fuzzy Hash: 2d9beb981c278996d0b4c32e8d61969d712a4f8be513cac70b0c822950706e43
                                          • Instruction Fuzzy Hash: 741100B58002498FCB20DF9AC585BDEBFF4EB48324F248859E559A3740D379A944CFA5
                                          Function 00D89E68 Relevance: .0, Instructions: 41COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c7a79851a44466811d2a33d6e9384ba6fb8e49b612957ebb8bc0f91675d82477
                                          • Instruction ID: 9dc59b3fe2981e13afeeea2c52d3b70de9a32999af98e3e48cd1681fcafe72bf
                                          • Opcode Fuzzy Hash: c7a79851a44466811d2a33d6e9384ba6fb8e49b612957ebb8bc0f91675d82477
                                          • Instruction Fuzzy Hash: F7110DB58002498FCB20DF9AC585B9EBBF8EB48324F24845AD569A3240C379A944CFA5
                                          Function 00D8B640 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 51631bbbd5d2eca87cd929a87a19356b726a8dd3f729e41c5e5492842131e2a3
                                          • Instruction ID: 128eda1ed3365889f5bc0093862a555cceb6e1d29e81bac7454c888a74f361b0
                                          • Opcode Fuzzy Hash: 51631bbbd5d2eca87cd929a87a19356b726a8dd3f729e41c5e5492842131e2a3
                                          • Instruction Fuzzy Hash: 11F08170700114A7C704776CC88566ABBE6EBC9320B0189B9E4029F745EF70ED0657E2
                                          Function 00D81715 Relevance: .0, Instructions: 35COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1a63315c0cf92f94546f9513769cdcd0f71c9c13d510cf66ead2caecb136c30
                                          • Instruction ID: d9a25e9af4a01889670cf5b06e59ef89659db38357443597a1ccbcb7b4ebede6
                                          • Opcode Fuzzy Hash: f1a63315c0cf92f94546f9513769cdcd0f71c9c13d510cf66ead2caecb136c30
                                          • Instruction Fuzzy Hash: D1F05576F0211ACFCF156F74A8440AC7795EA8202632805BAC94AC7546EA31850E8790
                                          Function 00D8B650 Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68745f88ae01d06bbca4da5ca744d3d921128df571d42e38176ebd787b6484a6
                                          • Instruction ID: 8221f8a8f878bb91d74456bf297f63715bf2fc2891cd5cbf3e5146f3e276177a
                                          • Opcode Fuzzy Hash: 68745f88ae01d06bbca4da5ca744d3d921128df571d42e38176ebd787b6484a6
                                          • Instruction Fuzzy Hash: 6CF02770700114A7CB08B66CC89566E7AEAEBCA320B0049BDA1039B749EE70AD0567E1
                                          Function 00D81F67 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 674ee4e372e08cea4aec4cbc21687dd60aa4b59ba9d51617869502564e035133
                                          • Instruction ID: e2cdc8040d7a47db42f4fa9325d7c98278b113bb79ff1be4926f7357280a8d7c
                                          • Opcode Fuzzy Hash: 674ee4e372e08cea4aec4cbc21687dd60aa4b59ba9d51617869502564e035133
                                          • Instruction Fuzzy Hash: 42F0A0707542645BEB146278CC56B7F2AEADB81741F208629E503AB7C4CEE59C0947A2
                                          Function 00D80CBC Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04e1bac32c41d44d09d6f3e21d782dca93ff8abb5868232ca7565f82f698af2a
                                          • Instruction ID: d22ffcc80cd2913f920ef3b04c0d135490b7c90b6471b11cfc4ac49bce7bb55f
                                          • Opcode Fuzzy Hash: 04e1bac32c41d44d09d6f3e21d782dca93ff8abb5868232ca7565f82f698af2a
                                          • Instruction Fuzzy Hash: D4F08230508205CBD7A97F6CC54877C3A71B744304F248656C0838A1A4CA74D84DEF32
                                          Function 00D80C5C Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d8c332e26408a9595a32fb68357fbc8c8a6db80f71049341b36c1e390d876c0
                                          • Instruction ID: d5610036e81c02ef126ff49873a2770e914015f7fa571bee43ba08fcbc6e3104
                                          • Opcode Fuzzy Hash: 9d8c332e26408a9595a32fb68357fbc8c8a6db80f71049341b36c1e390d876c0
                                          • Instruction Fuzzy Hash: 84F08230908205CBD7A57F6CC14837C3A71B744304F288A56C0438A1A4CA74D84DDF32
                                          Function 00D8B29F Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f4d6d86685511213b485fd099b4ac44a25710c14bdb27e865cd3b2e5dbeae437
                                          • Instruction ID: bb9f4eba281481191beb192146de148e5f2ed262efcfd561f1deef678c9331be
                                          • Opcode Fuzzy Hash: f4d6d86685511213b485fd099b4ac44a25710c14bdb27e865cd3b2e5dbeae437
                                          • Instruction Fuzzy Hash: 7AF08C34114251CFD719FF58E8A9B2837A4FF09310B64516AE8818B62AC730E882EF61
                                          Function 00D809CA Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 142853392c7b34fd280825a8b8559b2b93506b1f3a082f46c4d3b0faba6992dd
                                          • Instruction ID: 1108dbe318b088c6ec1ae436c055381aafa532f96a9501b4c18a4b6349609000
                                          • Opcode Fuzzy Hash: 142853392c7b34fd280825a8b8559b2b93506b1f3a082f46c4d3b0faba6992dd
                                          • Instruction Fuzzy Hash: 64E04F7106478ADFDB49FF2CCCE1DA83BE0FB01304B186A55D5019B21EEAA07559EF61
                                          Function 00D82654 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99c172767e27316ed30a0008cce1ad1eb7d195c0797d9aa204644cced52957af
                                          • Instruction ID: e2bd6fe95dec752cd25336e5fef1134a58626261718dd9407da15e63fe1a0c0c
                                          • Opcode Fuzzy Hash: 99c172767e27316ed30a0008cce1ad1eb7d195c0797d9aa204644cced52957af
                                          • Instruction Fuzzy Hash: 1FE04F38106301CFD72EAB35C546A3D77A6AF51314B704068C94286368DB36EC81CF31
                                          Function 00D80981 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 37042e92b39a3b4d9faabe0a4b58326c2406c011f163b142fe496b977a876e66
                                          • Instruction ID: d6f138e24afbcf2cf779dfeb0870e54379e79fb44439ee0d0572263ec5e915da
                                          • Opcode Fuzzy Hash: 37042e92b39a3b4d9faabe0a4b58326c2406c011f163b142fe496b977a876e66
                                          • Instruction Fuzzy Hash: 75E0CDF2454B05CFF341FB58D4915953F90F301300B186915D4418731EE594E44E9F62
                                          Function 00D80990 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93e131fd38c8538bd86a7c59f640a4cdc40584f8ae723988d8304232945c956c
                                          • Instruction ID: 7bc88167987f3bf4406d4244eeef37c5acdfd1556041603332820a48599d42cd
                                          • Opcode Fuzzy Hash: 93e131fd38c8538bd86a7c59f640a4cdc40584f8ae723988d8304232945c956c
                                          • Instruction Fuzzy Hash: D9E08CB0424709DFD384FB68D481A197FF0B700300B206925D4469321DE6B0A94DAFA2
                                          Function 00D8098F Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7aacf7978375422382712b102c4a6f45cc9fc596e51bd73050d2451a5279efbd
                                          • Instruction ID: 1800fef52e4c735b9ee79ddc583da4829ac1702f61975ab00ca0bb0cb22d07d6
                                          • Opcode Fuzzy Hash: 7aacf7978375422382712b102c4a6f45cc9fc596e51bd73050d2451a5279efbd
                                          • Instruction Fuzzy Hash: 5BE08CB0828609DFDB85FB78D4D1A5D7FF0F704300B206A29D446E322DE6B0A54DAF62
                                          Function 00D89D99 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 18f5fd317421f08ea6532fc6e65393f21b9fad98ba8e885e5189f95ad4639f43
                                          • Instruction ID: d9028e9355ffbb53e9fcf55c0d710b9415c93d8cfce0dee9e1d282a52e655624
                                          • Opcode Fuzzy Hash: 18f5fd317421f08ea6532fc6e65393f21b9fad98ba8e885e5189f95ad4639f43
                                          • Instruction Fuzzy Hash: 02D0A9313000205BCA08A3F9E0544AD3ADAAFCE220B2000A9E009CB761CE25CD0013C0
                                          Function 00D8A423 Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff75c3550b68c3365a661d21c21d2f1a1a98ee9cb41be341d54acb54688c6c54
                                          • Instruction ID: 5beac95a6b62163482556292e073a247bb8ea97fcc8e2c0c05501183cb5068e8
                                          • Opcode Fuzzy Hash: ff75c3550b68c3365a661d21c21d2f1a1a98ee9cb41be341d54acb54688c6c54
                                          • Instruction Fuzzy Hash: AAD0A779300505DBC6061B8EA414468FB63FFC431637C845AE00E52150CB32AC63DF52
                                          Function 00D80D5A Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b92ebea52324ba2562a0ae88afac1004512b2c6a677a9052c940a8cb8a165b5
                                          • Instruction ID: 6690b5fe8cfbf62ab97a3da0b5d6cedf04399dc319e7f73a492585f24b7c3335
                                          • Opcode Fuzzy Hash: 8b92ebea52324ba2562a0ae88afac1004512b2c6a677a9052c940a8cb8a165b5
                                          • Instruction Fuzzy Hash: EFB0923BB041249B4A209698BC081ECB328E2882B671051A2EA1AD7A10E6714A2A87A0
                                          Function 00D80841 Relevance: .0, Instructions: 9COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a8bb31dcb4545a13534ddcd4ebe7fc8ed44ce27a3c95cbd63f33c839b11a1a22
                                          • Instruction ID: 2dc6aac6fafc424ef23ed99dabbc793785c2d8acbdf89f26010e115d67e5940d
                                          • Opcode Fuzzy Hash: a8bb31dcb4545a13534ddcd4ebe7fc8ed44ce27a3c95cbd63f33c839b11a1a22
                                          • Instruction Fuzzy Hash: 30C04C2556D7D04FCB1B43645DE91987F344C5311134D06EBF896C98A7C12E451ACB12
                                          Function 00D824E2 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d21e44f81b701d35cc430693986cdd7ddd4995713dc456f546bc5bf0d4a46302
                                          • Instruction ID: 7975cc426a8df8c9e035591ecc25d7f762b8364899290c4e39261637d4d130a5
                                          • Opcode Fuzzy Hash: d21e44f81b701d35cc430693986cdd7ddd4995713dc456f546bc5bf0d4a46302
                                          • Instruction Fuzzy Hash: 95C08CF6D053049FC302DF60C4890D97B32AE11340B72001AC44282221F5300A02DB58
                                          Function 00D82F5F Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b359cf67800eca63c05945132488674009e98ef65a010cb8b6dbc65f9564f9b4
                                          • Instruction ID: 2773fd13b612336ea9dee83cd0e9bc7da169e642f9e6d7df7412fb050857126b
                                          • Opcode Fuzzy Hash: b359cf67800eca63c05945132488674009e98ef65a010cb8b6dbc65f9564f9b4
                                          • Instruction Fuzzy Hash: FFC08C381444009FC304DB28E088C453F60BF28200310008DE002C7732C321E800CF10
                                          Function 00D82F60 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0562e296dfc7fe5e0b192435623bdda5606bd4cff34ddb64548ef3eb179892ad
                                          • Instruction ID: d77447078dc0894223808b82f4d503ef1b78a0e65819bcb7141a83187a3f6590
                                          • Opcode Fuzzy Hash: 0562e296dfc7fe5e0b192435623bdda5606bd4cff34ddb64548ef3eb179892ad
                                          • Instruction Fuzzy Hash: 11C048392606089F8348EA59E488C127BA8BF58A103511099E5018B726CB21F810DA61
                                          Function 00D8A521 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f02c44d255e7c3723e8ca6e92e5a0abdebba96d778e2b892f78f0b3712e26e7
                                          • Instruction ID: 765eabc645e653eec9b2517d0bf1a782a853bbc874053e01bbcf6a096c7cdd90
                                          • Opcode Fuzzy Hash: 4f02c44d255e7c3723e8ca6e92e5a0abdebba96d778e2b892f78f0b3712e26e7
                                          • Instruction Fuzzy Hash: CAA01122322828CA8A00228AB008AAC2320E2C022232080A3E20AE08008B208A8302A2
                                          Function 00D80970 Relevance: .0, Instructions: 6COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2e101cd1ed06d8b20c288307a70c3e9b2f7e4a46f3cbd5a2ffe07a1822fc113
                                          • Instruction ID: 9388e243ba9973e6d29d27bf16421fe6d50916589e8f0b7d8feb41434b59ab4e
                                          • Opcode Fuzzy Hash: e2e101cd1ed06d8b20c288307a70c3e9b2f7e4a46f3cbd5a2ffe07a1822fc113
                                          • Instruction Fuzzy Hash: BAA02230088B0CCB008033E0380B30E3B2CC800203B800080F00C008020EB3A0200AF3
                                          Function 00D8096F Relevance: .0, Instructions: 6COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4fba97d242785cd8fbec1d39d97fb6451e221fc7a8db07682ffb81192b5a86fa
                                          • Instruction ID: 56af19ce696db45695eb17a5d21006e317fb611643eb3b2cc133cf1d7a42375a
                                          • Opcode Fuzzy Hash: 4fba97d242785cd8fbec1d39d97fb6451e221fc7a8db07682ffb81192b5a86fa
                                          • Instruction Fuzzy Hash: 51A0123408C344994B1073B0244668D3F2088001437000189E44A5085285B340154E22
                                          Function 00D8B5DA Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9826526d5262d74ce984b0d72408550778dace143d9dcb12cc5df4ccc6d69fb
                                          • Instruction ID: b6f8b17ec138d5d2342ebc650c1291fc4003d054e06188ce50b3d13f8f9f2ac6
                                          • Opcode Fuzzy Hash: a9826526d5262d74ce984b0d72408550778dace143d9dcb12cc5df4ccc6d69fb
                                          • Instruction Fuzzy Hash: 89A002F5053612CACFAA37B0D4061493524E9816293D455B944544AA10D57AC0469502
                                          Function 00D80850 Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.3262676785.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_d80000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b236cd934e1ba99bb77451bed3f83886f277f681a1161a0a233f74fd786f27a4
                                          • Instruction ID: 446693b0c904d44516618f9b6ec8ae339339de08af5673801da29b4c2d0f3cdf
                                          • Opcode Fuzzy Hash: b236cd934e1ba99bb77451bed3f83886f277f681a1161a0a233f74fd786f27a4
                                          • Instruction Fuzzy Hash: 4190023105461C8F4954279579097597B5CD9459157800061B91D859115B6664118595

                                          Execution Graph

                                          Execution Coverage:9.8%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:216
                                          Total number of Limit Nodes:9
                                          execution_graph 54980 58beb28 54981 58beb4a 54980->54981 54984 594c058 54981->54984 54990 594c068 54981->54990 54985 594c07d 54984->54985 54996 594c314 54985->54996 55001 594c0a8 54985->55001 55006 594c098 54985->55006 54986 594c093 54986->54981 54991 594c07d 54990->54991 54993 594c314 2 API calls 54991->54993 54994 594c098 2 API calls 54991->54994 54995 594c0a8 2 API calls 54991->54995 54992 594c093 54992->54981 54993->54992 54994->54992 54995->54992 54998 594c31a 54996->54998 54997 594c201 54997->54986 54998->54997 54999 594ced0 VirtualProtect 54998->54999 55000 594ced8 VirtualProtect 54998->55000 54999->54998 55000->54998 55003 594c0d2 55001->55003 55002 594c201 55002->54986 55003->55002 55004 594ced0 VirtualProtect 55003->55004 55005 594ced8 VirtualProtect 55003->55005 55004->55003 55005->55003 55008 594c0d2 55006->55008 55007 594c201 55007->54986 55008->55007 55009 594ced0 VirtualProtect 55008->55009 55010 594ced8 VirtualProtect 55008->55010 55009->55008 55010->55008 54931 15c0bd8 54932 15c0bf5 54931->54932 54933 15c0c05 54932->54933 54937 15c53a9 54932->54937 54942 15c7f02 54932->54942 54946 15c530b 54932->54946 54938 15c53ad 54937->54938 54939 15c5338 54937->54939 54950 15cf048 54939->54950 54958 56c0588 54942->54958 54962 56c053a 54942->54962 54943 15c1851 54947 15c532a 54946->54947 54949 15cf048 VirtualProtect 54947->54949 54948 15c5351 54949->54948 54952 15cf06f 54950->54952 54954 15cf548 54952->54954 54955 15cf591 VirtualProtect 54954->54955 54957 15c5351 54955->54957 54959 56c059d 54958->54959 54967 56c05ca 54959->54967 54963 56c0547 54962->54963 54964 56c0576 54962->54964 54963->54943 54966 56c05ca 2 API calls 54964->54966 54965 56c05b5 54965->54943 54966->54965 54969 56c05ff 54967->54969 54968 56c05b5 54968->54943 54972 56c06d9 54969->54972 54976 56c06e0 54969->54976 54973 56c0724 VirtualAlloc 54972->54973 54975 56c0791 54973->54975 54975->54968 54977 56c0724 VirtualAlloc 54976->54977 54979 56c0791 54977->54979 54979->54968 55011 5965eb0 55012 5965ec5 55011->55012 55013 5965edb 55012->55013 55015 596636b 55012->55015 55016 5966375 55015->55016 55020 59677d8 55016->55020 55024 59677e8 55016->55024 55017 5966355 55021 59677e8 55020->55021 55028 5967f34 55021->55028 55025 59677fd 55024->55025 55027 5967f34 10 API calls 55025->55027 55026 596781f 55026->55017 55027->55026 55029 5967f4c 55028->55029 55033 5968590 55029->55033 55047 5968581 55029->55047 55030 596781f 55030->55017 55034 59685a5 55033->55034 55035 59685c7 55034->55035 55061 5968d1d 55034->55061 55066 5968e3d 55034->55066 55071 5968f4c 55034->55071 55076 596913f 55034->55076 55081 59694c5 55034->55081 55086 5968a49 55034->55086 55091 59696d8 55034->55091 55097 59697db 55034->55097 55102 5968dcb 55034->55102 55107 596908a 55034->55107 55113 596960a 55034->55113 55035->55030 55048 5968590 55047->55048 55049 59685c7 55048->55049 55050 59694c5 2 API calls 55048->55050 55051 596913f 2 API calls 55048->55051 55052 5968f4c 2 API calls 55048->55052 55053 5968e3d 2 API calls 55048->55053 55054 5968d1d 2 API calls 55048->55054 55055 596960a 2 API calls 55048->55055 55056 596908a 2 API calls 55048->55056 55057 5968dcb 2 API calls 55048->55057 55058 59697db 2 API calls 55048->55058 55059 59696d8 2 API calls 55048->55059 55060 5968a49 2 API calls 55048->55060 55049->55030 55050->55049 55051->55049 55052->55049 55053->55049 55054->55049 55055->55049 55056->55049 55057->55049 55058->55049 55059->55049 55060->55049 55062 59686ff 55061->55062 55063 5969165 55061->55063 55118 5a11760 55063->55118 55122 5a11759 55063->55122 55067 5968e3f 55066->55067 55126 5a11a60 55067->55126 55130 5a11a58 55067->55130 55068 59686ff 55068->55035 55072 5968f54 55071->55072 55134 5a10cb1 55072->55134 55138 5a10cb8 55072->55138 55073 5968f8b 55077 5969149 55076->55077 55079 5a11760 VirtualAllocEx 55077->55079 55080 5a11759 VirtualAllocEx 55077->55080 55078 59686ff 55079->55078 55080->55078 55082 596913f 55081->55082 55083 59686ff 55081->55083 55084 5a11760 VirtualAllocEx 55082->55084 55085 5a11759 VirtualAllocEx 55082->55085 55084->55083 55085->55083 55087 5968a53 55086->55087 55142 5a12143 55087->55142 55146 5a12148 55087->55146 55088 59686ff 55092 59696f0 55091->55092 55150 5969e00 55092->55150 55157 5969e48 55092->55157 55163 5969e58 55092->55163 55093 59686ff 55098 59697ea 55097->55098 55100 5a11a60 WriteProcessMemory 55098->55100 55101 5a11a58 WriteProcessMemory 55098->55101 55099 5968d04 55099->55035 55100->55099 55101->55099 55103 5968dda 55102->55103 55105 5a10cb1 Wow64SetThreadContext 55103->55105 55106 5a10cb8 Wow64SetThreadContext 55103->55106 55104 5968e06 55105->55104 55106->55104 55109 59686ff 55107->55109 55110 5968a49 55107->55110 55108 596910d 55110->55108 55111 5a12143 NtResumeThread 55110->55111 55112 5a12148 NtResumeThread 55110->55112 55111->55109 55112->55109 55114 5969619 55113->55114 55116 5a11a60 WriteProcessMemory 55114->55116 55117 5a11a58 WriteProcessMemory 55114->55117 55115 59686ff 55116->55115 55117->55115 55119 5a117a4 VirtualAllocEx 55118->55119 55121 5a1181c 55119->55121 55121->55062 55123 5a117a4 VirtualAllocEx 55122->55123 55125 5a1181c 55123->55125 55125->55062 55127 5a11aac WriteProcessMemory 55126->55127 55129 5a11b45 55127->55129 55129->55068 55131 5a11aac WriteProcessMemory 55130->55131 55133 5a11b45 55131->55133 55133->55068 55135 5a10d01 Wow64SetThreadContext 55134->55135 55137 5a10d79 55135->55137 55137->55073 55139 5a10d01 Wow64SetThreadContext 55138->55139 55141 5a10d79 55139->55141 55141->55073 55143 5a12148 NtResumeThread 55142->55143 55145 5a121e8 55143->55145 55145->55088 55147 5a12191 NtResumeThread 55146->55147 55149 5a121e8 55147->55149 55149->55088 55151 5969e6f 55150->55151 55152 5969e0a 55150->55152 55153 5969e91 55151->55153 55169 596a4fc 55151->55169 55174 596a44a 55151->55174 55179 596a3ce 55151->55179 55152->55093 55153->55093 55158 5969e6f 55157->55158 55159 5969e91 55158->55159 55160 596a4fc 2 API calls 55158->55160 55161 596a3ce 2 API calls 55158->55161 55162 596a44a 2 API calls 55158->55162 55159->55093 55160->55159 55161->55159 55162->55159 55164 5969e6f 55163->55164 55165 5969e91 55164->55165 55166 596a4fc 2 API calls 55164->55166 55167 596a3ce 2 API calls 55164->55167 55168 596a44a 2 API calls 55164->55168 55165->55093 55166->55165 55167->55165 55168->55165 55170 596a484 55169->55170 55184 5a10408 55170->55184 55188 5a103fd 55170->55188 55171 596aca8 55175 596a46f 55174->55175 55177 5a10408 CreateProcessA 55175->55177 55178 5a103fd CreateProcessA 55175->55178 55176 596aca8 55177->55176 55178->55176 55180 596a3dd 55179->55180 55182 5a10408 CreateProcessA 55180->55182 55183 5a103fd CreateProcessA 55180->55183 55181 596aca8 55182->55181 55183->55181 55186 5a10488 CreateProcessA 55184->55186 55187 5a10684 55186->55187 55187->55171 55190 5a10488 CreateProcessA 55188->55190 55191 5a10684 55190->55191 55191->55171 55196 5947ee8 55197 5947efd 55196->55197 55201 5948321 55197->55201 55206 5948330 55197->55206 55198 5947f13 55203 594832a 55201->55203 55202 59483c0 55202->55198 55203->55202 55211 594bd90 55203->55211 55215 594bd8a 55203->55215 55208 594835a 55206->55208 55207 59483c0 55207->55198 55208->55207 55209 594bd90 SleepEx 55208->55209 55210 594bd8a SleepEx 55208->55210 55209->55208 55210->55208 55212 594bdd4 SleepEx 55211->55212 55214 594be34 55212->55214 55214->55203 55216 594bd90 SleepEx 55215->55216 55218 594be34 55216->55218 55218->55203 55192 596f938 55193 596f987 NtProtectVirtualMemory 55192->55193 55195 596f9ff 55193->55195

                                          Executed Functions

                                          Function 05913473 Relevance: 16.1, Strings: 12, Instructions: 1131COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,wq$4$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq
                                          • API String ID: 0-142878317
                                          • Opcode ID: 8868d34f0545b01b4afe77d7d456d27901fc037ee2308b5e227b86120b94e869
                                          • Instruction ID: 005d68367a0391e908d4b739ad4e9bced6c5ff5bab1ab416ab32cc897f81255e
                                          • Opcode Fuzzy Hash: 8868d34f0545b01b4afe77d7d456d27901fc037ee2308b5e227b86120b94e869
                                          • Instruction Fuzzy Hash: D3B2FA74A00228DFDB14CFA4C994BADB7B6FB48700F158599E906AB3A5DB70EC81CF54
                                          Function 059137A7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,wq$4$$sq$$sq$$sq$$sq
                                          • API String ID: 0-3730739033
                                          • Opcode ID: 4fa70bd91409abcf8126f82312c9e581ea9a26fd8b46b7342d0c157f7e08d59b
                                          • Instruction ID: 5897965f7625c252114a22f2df1cd6f0f006a5d13703af703176146853bcbbac
                                          • Opcode Fuzzy Hash: 4fa70bd91409abcf8126f82312c9e581ea9a26fd8b46b7342d0c157f7e08d59b
                                          • Instruction Fuzzy Hash: 8B220C34A00228CFDB14DFA4C984BADB7B6FF48300F1485A9E909AB395DB30AD85CF54
                                          Function 0596F930 Relevance: 1.6, APIs: 1, Instructions: 108nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0596F9ED
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377656933.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5960000_ParamName.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: bdb87a6d42a6fb172c945a9af74049b7e367dbce0e718f5615b91976eaff1db1
                                          • Instruction ID: a36df66b9fb3ef4ff55e1b922d2a61f595183ef230b6dd6ea78dae93e44b4001
                                          • Opcode Fuzzy Hash: bdb87a6d42a6fb172c945a9af74049b7e367dbce0e718f5615b91976eaff1db1
                                          • Instruction Fuzzy Hash: 2441AAB5D042589FCF10CFAAD981ADEFBB5BB59310F10942AE819B7300D735A945CF54
                                          Function 0596F938 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0596F9ED
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377656933.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5960000_ParamName.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: 59ebb4cc072d65fe3d083ff71489bd124d657a4377801c1da91a26038586e924
                                          • Instruction ID: 25bb74126a0cef296dda8eafd85741dfb99246367f622e5b0c3394e2a6861100
                                          • Opcode Fuzzy Hash: 59ebb4cc072d65fe3d083ff71489bd124d657a4377801c1da91a26038586e924
                                          • Instruction Fuzzy Hash: E24188B9D002589FCF10CFAAD981ADEFBB5BB49310F10942AE819B7310D735A945CF54
                                          Function 05A12143 Relevance: 1.6, APIs: 1, Instructions: 83nativethreadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 05A121D6
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 45a1d428e050b064fd5a9d9ecf3a3538f9238121d6468142b1ec50494512c36e
                                          • Instruction ID: 376f3f66f90df9271f797a12a4b5a0733d96115909f49796f45bfae3270629ae
                                          • Opcode Fuzzy Hash: 45a1d428e050b064fd5a9d9ecf3a3538f9238121d6468142b1ec50494512c36e
                                          • Instruction Fuzzy Hash: 9A3199B5D012189FCB10CFAAD985A9EFBF5BF49310F24942AE819B7300C775A945CF94
                                          Function 05A12148 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 05A121D6
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 13b6aff65a5a680c2cfc750f52af40956d2fd685ab77d17ac0436f38e60ffbc8
                                          • Instruction ID: 4ac9a4d64a637d76f3e5579fd72b966d4ff15fc101d04ea87e10884ea0a786e2
                                          • Opcode Fuzzy Hash: 13b6aff65a5a680c2cfc750f52af40956d2fd685ab77d17ac0436f38e60ffbc8
                                          • Instruction Fuzzy Hash: EC31AAB4D012189FCB10CFAAD984A9EFBF5BF49310F20942AE819B7300C775A945CF94
                                          Function 058B77B0 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: c5b81e68f1e9556bfdacf72da5a4710ef4af2f79e4f0cb146b0d89710f8ac899
                                          • Instruction ID: 9ac3d1ba6447f1c5313d75ec50d7f426ae6486e8bdbcc4f5fa7f2933aca9191d
                                          • Opcode Fuzzy Hash: c5b81e68f1e9556bfdacf72da5a4710ef4af2f79e4f0cb146b0d89710f8ac899
                                          • Instruction Fuzzy Hash: 0FA19E70E05218CBEB54CFA9D585AEDBBFAFB89304F209069D809E7351DB74A945CF04
                                          Function 058B77A0 Relevance: 1.5, Strings: 1, Instructions: 231COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: 21d113b93bf170a4b5da5c99de46e09399976f5c546b83828031e46815911707
                                          • Instruction ID: d42247f9ba37c25bf126357cdbfe0f583caf0079f6414f85228805a5bc939caa
                                          • Opcode Fuzzy Hash: 21d113b93bf170a4b5da5c99de46e09399976f5c546b83828031e46815911707
                                          • Instruction Fuzzy Hash: 6EA19D70E05218CFEB14CFA9D585AADBBF6FB89304F209069D809EB351DB74A985CB44
                                          Function 0591A870 Relevance: 7.7, Strings: 6, Instructions: 151COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 634 591a870-591a8bc 638 591a8c2-591a8d4 634->638 639 591aa3a-591aa73 634->639 642 591a924-591a96d 638->642 643 591a8d6-591a922 638->643 659 591a970-591a9b0 642->659 643->659 664 591a9b2-591a9b8 659->664 665 591a9ba-591a9c4 659->665 666 591a9c7-591aa0a 664->666 665->666 673 591aa30-591aa37 666->673 674 591aa0c-591aa28 666->674 674->673
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$4'sq$4'sq$4'sq$4'sq$pwq
                                          • API String ID: 0-1920987972
                                          • Opcode ID: 7f395920a6085e321180a572f7da31c3a56d4ceb61449ba8eae978a94e7f9a00
                                          • Instruction ID: 77a6f2e2a7a11fbcee57b5f113eeb19a682e11712d096ac247bb15237c77fd7e
                                          • Opcode Fuzzy Hash: 7f395920a6085e321180a572f7da31c3a56d4ceb61449ba8eae978a94e7f9a00
                                          • Instruction Fuzzy Hash: CD5193B1A042098FCB48DBB9C8907AEBAF7BFC8300F54882CD54A97385DF759D4587A1
                                          Function 058B1FED Relevance: 5.1, Strings: 4, Instructions: 52COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 870 58b1fed-58b1ffb 872 58b2703-58b271e 870->872 873 58b2001-58b2026 870->873 880 58b2726-58b272d 872->880 876 58b011f-58b0127 873->876 877 58b202c-58b2034 873->877 878 58b0129-58b05ae 876->878 879 58b0130-58b1aed 876->879 877->876 878->876 894 58b05b4-58b05bc 878->894 879->876 891 58b1af3-58b1afb 879->891 881 58b2733-58b274c 880->881 882 58b0186-58b018c 880->882 881->876 890 58b2752-58b275a 881->890 885 58b0f69-58b0f93 882->885 886 58b0192-58b01b7 882->886 885->876 896 58b0f99-58b0fa1 885->896 886->876 895 58b01bd-58b01c5 886->895 890->876 891->876 894->876 895->876 896->876
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 3$N$Z$_
                                          • API String ID: 0-996081525
                                          • Opcode ID: ad50c165742296b55f5b43d54ea29810945c75e10d50704c852dd532b6a29a96
                                          • Instruction ID: 777805ea40302dfcf3bc491616a9b8cc2de27148c40840f0d322c02b513ef65e
                                          • Opcode Fuzzy Hash: ad50c165742296b55f5b43d54ea29810945c75e10d50704c852dd532b6a29a96
                                          • Instruction Fuzzy Hash: FF21A570E14228DFEB54AFA5D888BEEBAB9BB09305F0041A9990AA7241C7B44985CF55
                                          Function 059195A8 Relevance: 4.2, Strings: 3, Instructions: 479COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 897 59195a8-59195d0 899 59195d2-5919619 897->899 900 591961e-591962c 897->900 948 5919a75-5919a7c 899->948 901 591963b 900->901 902 591962e-5919639 call 59170c8 900->902 905 591963d-5919644 901->905 902->905 907 591964a-591964e 905->907 908 591972d-5919731 905->908 909 5919654-5919658 907->909 910 5919a7d-5919aa5 907->910 911 5919733-5919742 call 59152d8 908->911 912 5919787-5919791 908->912 914 591966a-59196c8 call 5916e08 call 5917870 909->914 915 591965a-5919664 909->915 920 5919aac-5919ad6 910->920 927 5919746-591974b 911->927 916 5919793-59197a2 call 5914a88 912->916 917 59197ca-59197f0 912->917 959 5919b3b-5919b50 914->959 960 59196ce-5919728 914->960 915->914 915->920 932 59197a8-59197c5 916->932 933 5919ade-5919af4 916->933 938 59197f2-59197fb 917->938 939 59197fd 917->939 920->933 934 5919744 927->934 935 591974d-5919782 call 5919070 927->935 932->948 957 5919afc-5919b14 933->957 934->927 935->948 947 59197ff-5919827 938->947 939->947 963 59198f8-59198fc 947->963 964 591982d-5919846 947->964 970 5919b1c-5919b34 957->970 969 5919b52-5919b65 959->969 959->970 960->948 967 5919976-5919980 963->967 968 59198fe-5919917 963->968 964->963 993 591984c-591985b call 59144b0 964->993 974 5919982-591998c 967->974 975 59199dd-59199e6 967->975 968->967 995 5919919-5919928 call 59144b0 968->995 971 5919b67-5919b6d 969->971 972 5919b6f-5919b75 969->972 970->959 971->972 978 5919b76-5919bb3 971->978 991 5919992-59199a4 974->991 992 591998e-5919990 974->992 981 59199e8-5919a16 call 5916600 call 5916620 975->981 982 5919a1e-5919a6b 975->982 981->982 1003 5919a73 982->1003 996 59199a6-59199a8 991->996 992->996 1006 5919873-5919888 993->1006 1007 591985d-5919863 993->1007 1021 5919940-591994b 995->1021 1022 591992a-5919930 995->1022 1000 59199d6-59199db 996->1000 1001 59199aa-59199ae 996->1001 1000->974 1000->975 1010 59199b0-59199c9 1001->1010 1011 59199cc-59199d1 call 59132b0 1001->1011 1003->948 1017 591988a-59198b6 call 5915750 1006->1017 1018 59198bc-59198c5 1006->1018 1013 5919865 1007->1013 1014 5919867-5919869 1007->1014 1010->1011 1011->1000 1013->1006 1014->1006 1017->957 1017->1018 1018->959 1026 59198cb-59198f2 1018->1026 1021->959 1023 5919951-5919974 1021->1023 1027 5919932 1022->1027 1028 5919934-5919936 1022->1028 1023->967 1023->995 1026->963 1026->993 1027->1021 1028->1021
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Hwq$Hwq$Hwq
                                          • API String ID: 0-3312440009
                                          • Opcode ID: 1bf0fadcb4777f00f41139fea8fb781e15b1652949851a0033276a7b682a92a2
                                          • Instruction ID: 627d15c9e67a9eb72e9d88098282cd75e3b7d3f791f80ec0648972cde89f07b5
                                          • Opcode Fuzzy Hash: 1bf0fadcb4777f00f41139fea8fb781e15b1652949851a0033276a7b682a92a2
                                          • Instruction Fuzzy Hash: 74125D30A002198FCB65DFA5C894AAEBBF6FF88300F54856DD9069B394DB35EC46CB54
                                          Function 0591B268 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1040 591b268-591b2a5 1042 591b2c7-591b2dd call 591b070 1040->1042 1043 591b2a7-591b2ac call 591bbd8 1040->1043 1049 591b653-591b667 1042->1049 1050 591b2e3-591b2ef 1042->1050 1045 591b2b2-591b2b4 1043->1045 1045->1042 1047 591b2b6-591b2be 1045->1047 1047->1042 1060 591b6a7-591b6b0 1049->1060 1051 591b420-591b427 1050->1051 1052 591b2f5-591b2f8 1050->1052 1055 591b556-591b593 call 591aa78 call 591da10 1051->1055 1056 591b42d-591b436 1051->1056 1053 591b2fb-591b304 1052->1053 1057 591b748 1053->1057 1058 591b30a-591b31e 1053->1058 1109 591b599-591b64a call 591aa78 1055->1109 1056->1055 1061 591b43c-591b548 call 591aa78 call 591b008 call 591aa78 1056->1061 1065 591b74d-591b751 1057->1065 1073 591b410-591b41a 1058->1073 1074 591b324-591b3b9 call 591b070 * 2 call 591aa78 call 591b008 call 591b0b0 call 591b158 call 591b1c0 1058->1074 1063 591b6b2-591b6b9 1060->1063 1064 591b675-591b67e 1060->1064 1167 591b553-591b554 1061->1167 1168 591b54a 1061->1168 1068 591b707-591b70e 1063->1068 1069 591b6bb-591b6fe call 591aa78 1063->1069 1064->1057 1067 591b684-591b696 1064->1067 1071 591b753 1065->1071 1072 591b75c-591b785 1065->1072 1088 591b6a6 1067->1088 1089 591b698-591b69d 1067->1089 1076 591b710-591b720 1068->1076 1077 591b733-591b746 1068->1077 1069->1068 1071->1072 1072->1068 1084 591b787-591b797 1072->1084 1073->1051 1073->1053 1147 591b3d8-591b40b call 591b1c0 1074->1147 1148 591b3bb-591b3d3 call 591b158 call 591aa78 call 591ad28 1074->1148 1076->1077 1093 591b722-591b72a 1076->1093 1077->1065 1090 591b7e7-591b80e 1084->1090 1091 591b799-591b79e 1084->1091 1088->1060 1172 591b6a0 call 591e1a1 1089->1172 1173 591b6a0 call 591e1b0 1089->1173 1098 591b7a0-591b7ac 1091->1098 1099 591b7af-591b7c7 call 591aa78 1091->1099 1093->1077 1099->1090 1119 591b7c9-591b7ce 1099->1119 1109->1049 1122 591b7d0-591b7db 1119->1122 1123 591b7dd-591b7df 1119->1123 1122->1090 1122->1123 1123->1090 1147->1073 1148->1147 1167->1055 1168->1167 1172->1088 1173->1088
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq$4'sq
                                          • API String ID: 0-1334358483
                                          • Opcode ID: adb8269458de850fa67a60ddd0324247a362915369ba46055270ddd8f273949b
                                          • Instruction ID: dcee1d57b91acd6725eebb83af948d5c7030e80d6288a85b480d07eb7ae5c161
                                          • Opcode Fuzzy Hash: adb8269458de850fa67a60ddd0324247a362915369ba46055270ddd8f273949b
                                          • Instruction Fuzzy Hash: DFF1D834B10118CFCB08DFA4D998A9EBBB6FF89300F558559E806AB365DB71EC42CB54
                                          Function 0591F82F Relevance: 4.1, Strings: 3, Instructions: 363COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1174 591f82f-591f850 1175 591f856-591f85a 1174->1175 1176 591f969-591f98e 1174->1176 1177 591f860-591f869 1175->1177 1178 591f995-591f9ba 1175->1178 1176->1178 1179 591f9c1-591f9f7 1177->1179 1180 591f86f-591f896 1177->1180 1178->1179 1197 591f9fe-591fa54 1179->1197 1191 591f89c-591f89e 1180->1191 1192 591f95e-591f968 1180->1192 1194 591f8a0-591f8a3 1191->1194 1195 591f8bf-591f8c1 1191->1195 1196 591f8a9-591f8b3 1194->1196 1194->1197 1198 591f8c4-591f8c8 1195->1198 1196->1197 1200 591f8b9-591f8bd 1196->1200 1213 591fa56-591fa6d call 56cfc80 1197->1213 1214 591fa78-591fa8f 1197->1214 1201 591f929-591f935 1198->1201 1202 591f8ca-591f8d9 1198->1202 1200->1195 1200->1198 1201->1197 1204 591f93b-591f958 call 59132e0 1201->1204 1202->1197 1209 591f8df-591f926 call 59132e0 1202->1209 1204->1191 1204->1192 1209->1201 1219 591fa73 1213->1219 1224 591fb80-591fb90 1214->1224 1225 591fa95-591fb7b call 591b070 call 591aa78 * 2 call 591b0b0 call 591e878 call 591aa78 call 591da10 call 591b918 1214->1225 1222 591fca3-591fcae 1219->1222 1234 591fcb0-591fcc0 1222->1234 1235 591fcdd-591fcfe call 591b1c0 1222->1235 1232 591fb96-591fc70 call 591b070 * 2 call 591b828 call 591aa78 * 2 call 591ad28 call 591b1c0 call 591aa78 1224->1232 1233 591fc7e-591fc9a call 591aa78 1224->1233 1225->1224 1286 591fc72 1232->1286 1287 591fc7b 1232->1287 1233->1222 1247 591fcd0-591fcd8 call 591b918 1234->1247 1248 591fcc2-591fcc8 1234->1248 1247->1235 1248->1247 1286->1287 1287->1233
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$(wq$Hwq
                                          • API String ID: 0-3835230346
                                          • Opcode ID: 1a264d32fd32a04a0143c1fdb9b8135e4b8f25721804c5716594660e6efc8759
                                          • Instruction ID: 49bec955c323b0baf36b7c2ea76ff7159026623ffb16e6873e735673f457cef0
                                          • Opcode Fuzzy Hash: 1a264d32fd32a04a0143c1fdb9b8135e4b8f25721804c5716594660e6efc8759
                                          • Instruction Fuzzy Hash: 41E13134B00519DFCB08EF64D5949AEBBB2FF89300F518569E806AB364DF34AC45CB95
                                          Function 056E1EA8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2375630865.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_56e0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq
                                          • API String ID: 0-780347173
                                          • Opcode ID: 3d51b864522de6e395edb69c761a8cb8858278fe87d5979e6d8f4c785af4c04b
                                          • Instruction ID: 31f66c1f145ce2842dc9dc460df8425f93f057563500d237c02dea94724d3cd9
                                          • Opcode Fuzzy Hash: 3d51b864522de6e395edb69c761a8cb8858278fe87d5979e6d8f4c785af4c04b
                                          • Instruction Fuzzy Hash: 1342E678E06209CFCB55DFA4C8A8ABEBBB7BB49301F109115DA12A7790CB345D86CF50
                                          Function 056E29D0 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2018 56e29d0-56e29f8 2019 56e29ff-56e2a28 2018->2019 2020 56e29fa 2018->2020 2021 56e2a2a-56e2a33 2019->2021 2022 56e2a49 2019->2022 2020->2019 2024 56e2a3a-56e2a3d 2021->2024 2025 56e2a35-56e2a38 2021->2025 2023 56e2a4c-56e2a50 2022->2023 2026 56e2e07-56e2e1e 2023->2026 2027 56e2a47 2024->2027 2025->2027 2029 56e2e24-56e2e28 2026->2029 2030 56e2a55-56e2a59 2026->2030 2027->2023 2031 56e2e5d-56e2e61 2029->2031 2032 56e2e2a-56e2e5a 2029->2032 2033 56e2a5e-56e2a62 2030->2033 2034 56e2a5b-56e2ab8 2030->2034 2038 56e2e82 2031->2038 2039 56e2e63-56e2e6c 2031->2039 2032->2031 2036 56e2a8b-56e2aaf 2033->2036 2037 56e2a64-56e2a88 2033->2037 2041 56e2abd-56e2ac1 2034->2041 2042 56e2aba-56e2b2b 2034->2042 2036->2026 2037->2036 2045 56e2e85-56e2e8b 2038->2045 2043 56e2e6e-56e2e71 2039->2043 2044 56e2e73-56e2e76 2039->2044 2048 56e2aea-56e2afb 2041->2048 2049 56e2ac3-56e2ae7 2041->2049 2053 56e2b2d-56e2b8a 2042->2053 2054 56e2b30-56e2b34 2042->2054 2051 56e2e80 2043->2051 2044->2051 2066 56e2b04-56e2b11 2048->2066 2049->2048 2051->2045 2062 56e2b8f-56e2b93 2053->2062 2063 56e2b8c-56e2be8 2053->2063 2057 56e2b5d-56e2b81 2054->2057 2058 56e2b36-56e2b5a 2054->2058 2057->2026 2058->2057 2068 56e2bbc-56e2bdf 2062->2068 2069 56e2b95-56e2bb9 2062->2069 2075 56e2bed-56e2bf1 2063->2075 2076 56e2bea-56e2c4c 2063->2076 2073 56e2b13-56e2b19 2066->2073 2074 56e2b21-56e2b22 2066->2074 2068->2026 2069->2068 2073->2074 2074->2026 2080 56e2c1a-56e2c32 2075->2080 2081 56e2bf3-56e2c17 2075->2081 2085 56e2c4e-56e2cb0 2076->2085 2086 56e2c51-56e2c55 2076->2086 2095 56e2c34-56e2c3a 2080->2095 2096 56e2c42-56e2c43 2080->2096 2081->2080 2097 56e2cb5-56e2cb9 2085->2097 2098 56e2cb2-56e2d14 2085->2098 2089 56e2c7e-56e2c96 2086->2089 2090 56e2c57-56e2c7b 2086->2090 2106 56e2c98-56e2c9e 2089->2106 2107 56e2ca6-56e2ca7 2089->2107 2090->2089 2095->2096 2096->2026 2100 56e2cbb-56e2cdf 2097->2100 2101 56e2ce2-56e2cfa 2097->2101 2108 56e2d19-56e2d1d 2098->2108 2109 56e2d16-56e2d78 2098->2109 2100->2101 2117 56e2cfc-56e2d02 2101->2117 2118 56e2d0a-56e2d0b 2101->2118 2106->2107 2107->2026 2111 56e2d1f-56e2d43 2108->2111 2112 56e2d46-56e2d5e 2108->2112 2119 56e2d7d-56e2d81 2109->2119 2120 56e2d7a-56e2dd3 2109->2120 2111->2112 2128 56e2d6e-56e2d6f 2112->2128 2129 56e2d60-56e2d66 2112->2129 2117->2118 2118->2026 2122 56e2daa-56e2dcd 2119->2122 2123 56e2d83-56e2da7 2119->2123 2130 56e2dfc-56e2dff 2120->2130 2131 56e2dd5-56e2df9 2120->2131 2122->2026 2123->2122 2128->2026 2129->2128 2130->2026 2131->2130
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2375630865.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_56e0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq
                                          • API String ID: 0-780347173
                                          • Opcode ID: cf9e4a0254aa9fef2b444f961f71b417cb3c55ed939a1c0361bec39acd302fa6
                                          • Instruction ID: fc27bcbdda3779ae01d7676cd019f11a25b024961902d8f70e80ab2f6e17a867
                                          • Opcode Fuzzy Hash: cf9e4a0254aa9fef2b444f961f71b417cb3c55ed939a1c0361bec39acd302fa6
                                          • Instruction Fuzzy Hash: 5FF1B134E06219DFCF64DFA4E498AACBBB7BF49315F205169E906A7351DB306886CF40
                                          Function 05916E08 Relevance: 2.8, Strings: 2, Instructions: 284COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Plsq$$sq
                                          • API String ID: 0-3423461073
                                          • Opcode ID: 46c83c58aac17de939d42c7709fd4d7cf7999700e8f7e573a69ee09449087663
                                          • Instruction ID: 35061dd91b7b33b0778535bce42a322bb507229381761018b5b6efe0da9ad3c8
                                          • Opcode Fuzzy Hash: 46c83c58aac17de939d42c7709fd4d7cf7999700e8f7e573a69ee09449087663
                                          • Instruction Fuzzy Hash: 61B10474B002198FDB14DF69C884A6E7BF6FF89710B1044A9E906DB3A1DB31EC41CBA5
                                          Function 056E26A8 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2375 56e26a8-56e26cd 2376 56e26cf 2375->2376 2377 56e26d4-56e26f1 2375->2377 2376->2377 2378 56e2712 2377->2378 2379 56e26f3-56e26fc 2377->2379 2382 56e2715-56e2719 2378->2382 2380 56e26fe-56e2701 2379->2380 2381 56e2703-56e2706 2379->2381 2383 56e2710 2380->2383 2381->2383 2384 56e2934-56e294b 2382->2384 2383->2382 2386 56e271e-56e2722 2384->2386 2387 56e2951-56e2955 2384->2387 2388 56e272a-56e272e 2386->2388 2389 56e2724-56e27c2 2386->2389 2390 56e297f-56e2983 2387->2390 2391 56e2957-56e297c 2387->2391 2395 56e2758-56e277d 2388->2395 2396 56e2730-56e2749 2388->2396 2400 56e27ca-56e27ce 2389->2400 2401 56e27c4-56e2862 2389->2401 2392 56e29a4 2390->2392 2393 56e2985-56e298e 2390->2393 2391->2390 2399 56e29a7-56e29ad 2392->2399 2397 56e2995-56e2998 2393->2397 2398 56e2990-56e2993 2393->2398 2421 56e279e 2395->2421 2422 56e277f-56e2788 2395->2422 2458 56e274c call 5943f30 2396->2458 2459 56e274c call 5943f40 2396->2459 2403 56e29a2 2397->2403 2398->2403 2406 56e27f8-56e281d 2400->2406 2407 56e27d0-56e27f5 2400->2407 2409 56e286a-56e286e 2401->2409 2410 56e2864-56e28ff 2401->2410 2403->2399 2435 56e283e 2406->2435 2436 56e281f-56e2828 2406->2436 2407->2406 2413 56e2898-56e28bd 2409->2413 2414 56e2870-56e2895 2409->2414 2419 56e2929-56e292c 2410->2419 2420 56e2901-56e2926 2410->2420 2444 56e28de 2413->2444 2445 56e28bf-56e28c8 2413->2445 2414->2413 2419->2384 2420->2419 2424 56e27a1-56e27a8 2421->2424 2430 56e278f-56e2792 2422->2430 2431 56e278a-56e278d 2422->2431 2433 56e27aa-56e27b0 2424->2433 2434 56e27b8-56e27b9 2424->2434 2427 56e2752-56e2755 2427->2395 2432 56e279c 2430->2432 2431->2432 2432->2424 2433->2434 2434->2384 2442 56e2841-56e2848 2435->2442 2440 56e282f-56e2832 2436->2440 2441 56e282a-56e282d 2436->2441 2446 56e283c 2440->2446 2441->2446 2447 56e284a-56e2850 2442->2447 2448 56e2858-56e2859 2442->2448 2452 56e28e1-56e28e8 2444->2452 2450 56e28cf-56e28d2 2445->2450 2451 56e28ca-56e28cd 2445->2451 2446->2442 2447->2448 2448->2384 2455 56e28dc 2450->2455 2451->2455 2456 56e28ea-56e28f0 2452->2456 2457 56e28f8-56e28f9 2452->2457 2455->2452 2456->2457 2457->2384 2458->2427 2459->2427
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2375630865.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_56e0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$4'sq
                                          • API String ID: 0-780347173
                                          • Opcode ID: 07c45d14174fe58c19df7434757972dedf36dac248fc6eb03b15fa80f82ec594
                                          • Instruction ID: fa7a75140824b4ff3e0b2d06f8275c5a8b121fb2c5062ad185ea447ccafa2c2d
                                          • Opcode Fuzzy Hash: 07c45d14174fe58c19df7434757972dedf36dac248fc6eb03b15fa80f82ec594
                                          • Instruction Fuzzy Hash: AFA1E578E02209CFCF58DFA5D4686AEBBB6FF49311F509129D912A7790CB345886CF50
                                          Function 05917689 Relevance: 2.7, Strings: 2, Instructions: 174COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2460 5917689-59176c0 2462 59176c6-59176ca 2460->2462 2463 59177ac-59177d1 2460->2463 2464 59176cc-59176d8 2462->2464 2465 59176de-59176e2 2462->2465 2470 59177d8-59177fc 2463->2470 2464->2465 2464->2470 2466 5917803-5917828 2465->2466 2467 59176e8-59176ff 2465->2467 2485 591782f-5917882 2466->2485 2478 5917701-591770d 2467->2478 2479 5917713-5917717 2467->2479 2470->2466 2478->2479 2478->2485 2481 5917743-591775c call 59143e8 2479->2481 2482 5917719-5917732 2479->2482 2493 5917785-59177a9 2481->2493 2494 591775e-5917782 2481->2494 2482->2481 2495 5917734-5917737 2482->2495 2503 5917884-59178a4 2485->2503 2504 59178ba-59178df 2485->2504 2499 5917740 2495->2499 2499->2481 2511 59178e6-591793a 2503->2511 2512 59178a6-59178b7 2503->2512 2504->2511 2518 59179e1-5917a2f 2511->2518 2519 5917940-591794c 2511->2519 2532 5917a31-5917a55 2518->2532 2533 5917a5f-5917a65 2518->2533 2522 5917956-591796a call 5912bf0 2519->2522 2523 591794e-5917955 2519->2523 2528 59179d9-59179e0 2522->2528 2529 591796c-5917991 2522->2529 2539 5917993-59179ad 2529->2539 2540 59179d4-59179d7 2529->2540 2532->2533 2535 5917a57 2532->2535 2536 5917a77-5917a86 2533->2536 2537 5917a67-5917a74 2533->2537 2535->2533 2539->2540 2542 59179af-59179b8 2539->2542 2540->2528 2540->2529 2543 59179c7-59179d3 2542->2543 2544 59179ba-59179bd 2542->2544 2544->2543
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$(wq
                                          • API String ID: 0-707371155
                                          • Opcode ID: ee316cdcc2468d78e7a44877a5548cfbf94185b21bbb7ecf33ad1cc503a3bf65
                                          • Instruction ID: 01e675fc65bf8ee535a4dae1f38fc3797a7fa83abc8b79f3d2ce2799f53f8ac0
                                          • Opcode Fuzzy Hash: ee316cdcc2468d78e7a44877a5548cfbf94185b21bbb7ecf33ad1cc503a3bf65
                                          • Instruction Fuzzy Hash: 9551CE3130421A8FDB59DF68D884AAE7BA6FF84301F148569E806CB391DF39DC46CB91
                                          Function 059150D8 Relevance: 2.7, Strings: 2, Instructions: 154COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq$Hwq
                                          • API String ID: 0-584953801
                                          • Opcode ID: 64722b88c99a0ec1379539e8ecdef16ee6ff5d72bcc5d2a306d2882809e640e8
                                          • Instruction ID: 509aef5d3161e5c0c12b09ad83d81c4ab5f104dd9f07c7633c0f33a66494f4ca
                                          • Opcode Fuzzy Hash: 64722b88c99a0ec1379539e8ecdef16ee6ff5d72bcc5d2a306d2882809e640e8
                                          • Instruction Fuzzy Hash: 6C5179307002158FCB99EF69C89856EBBB6AFC9310B51446DD906CB3A4DF35EC0ACB94
                                          Function 0591A860 Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq$pwq
                                          • API String ID: 0-2732466833
                                          • Opcode ID: c5fe11278c5a09cbad6d258784714cf52e543d87952a83b6ccd584c7c60d7b37
                                          • Instruction ID: 4bb6c27264fdc1f4e88df50a344236e440b6fd247ae89d571da8ebdb5ff765b1
                                          • Opcode Fuzzy Hash: c5fe11278c5a09cbad6d258784714cf52e543d87952a83b6ccd584c7c60d7b37
                                          • Instruction Fuzzy Hash: 5941CF70A002099FCB54DB68C8807AEBBB6FFC8300F54892CD94A97241DF71AD458BA1
                                          Function 058B0A98 Relevance: 2.6, Strings: 2, Instructions: 80COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: O$c
                                          • API String ID: 0-2715075243
                                          • Opcode ID: 89d81deb5de1d17f3ba5ef4d1ef20658afaac243f5d5cab38e01c82609581360
                                          • Instruction ID: acd27db424530f9baef469201e31088df702e82261401df01a13ab8b4a71c482
                                          • Opcode Fuzzy Hash: 89d81deb5de1d17f3ba5ef4d1ef20658afaac243f5d5cab38e01c82609581360
                                          • Instruction Fuzzy Hash: 8641B774A14268DFEB15DF20D888BAEBBB6FB48304F5085E9D90AA7240CB745E85CF44
                                          Function 0591C140 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,wq
                                          • API String ID: 0-2764286452
                                          • Opcode ID: ec37b0608a82414de16048296ede18cfcedbb7b9506d15260d0832f02b75fb69
                                          • Instruction ID: d76684c9864bc65266c5d43b1fbd9285795c9da03067c72945246ed33534760a
                                          • Opcode Fuzzy Hash: ec37b0608a82414de16048296ede18cfcedbb7b9506d15260d0832f02b75fb69
                                          • Instruction Fuzzy Hash: 55520975A102288FDB64CF68C985BEDBBF6BB88300F1540D9E949E7391DA309D85CF61
                                          Function 05916680 Relevance: 1.8, Strings: 1, Instructions: 534COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (_sq
                                          • API String ID: 0-3300063
                                          • Opcode ID: 5b563e185af13b0c82c7ccf07954bf7dad1d68a161b2d43dd4a75f026882bd73
                                          • Instruction ID: 3af3274062bd1e32f565ccc6528ad1a1e0cca6aee3969d315274c91751f3fcc0
                                          • Opcode Fuzzy Hash: 5b563e185af13b0c82c7ccf07954bf7dad1d68a161b2d43dd4a75f026882bd73
                                          • Instruction Fuzzy Hash: 62227C75A102189FCB04DF68D494AADBBF6FF88310F558069E906AB3A1CB75EC40CB94
                                          Function 05A103FD Relevance: 1.8, APIs: 1, Instructions: 264processCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05A1066F
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 890d0acb7cb677e9446569c224dfea1ce226de01aa4f74850053bcf53d052c0f
                                          • Instruction ID: d038e1d3454015e5d55ec0a3e053fbeb8ce03f825125eb0e14b34147fc1bb2ba
                                          • Opcode Fuzzy Hash: 890d0acb7cb677e9446569c224dfea1ce226de01aa4f74850053bcf53d052c0f
                                          • Instruction Fuzzy Hash: 92A102B0D00219CFDF20CFA9C889BEDBBB1BF09310F149169E869A7240DB749985CF49
                                          Function 05A10408 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05A1066F
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 8cceda33907a583fcb176b4ef0c5ee004bfe74c8e747d5234594459dd6ae5799
                                          • Instruction ID: de6da87fade9c003182189fd1f6f25d582c20bfb6c03d003659afea810d6e656
                                          • Opcode Fuzzy Hash: 8cceda33907a583fcb176b4ef0c5ee004bfe74c8e747d5234594459dd6ae5799
                                          • Instruction Fuzzy Hash: 9FA1F3B0D00219CFDF20CFA9C889BEDBBB1BB49310F149169E869A7240DB749985CF49
                                          Function 0591CFA9 Relevance: 1.7, Strings: 1, Instructions: 421COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $sq
                                          • API String ID: 0-923501781
                                          • Opcode ID: 0e204274457b2f40e4233870255df6a9c7bc623b1ca0909f5c4cd47b2d8d3cef
                                          • Instruction ID: 15b0f0680b2f5715994d5e3ce068655b8ccdea5da315fe5d30c3fd8bd508504f
                                          • Opcode Fuzzy Hash: 0e204274457b2f40e4233870255df6a9c7bc623b1ca0909f5c4cd47b2d8d3cef
                                          • Instruction Fuzzy Hash: 02E1DC7171432A8FE724EF68C48867E7AE6BF84210F544429EE92CB3D1DA34EC45C759
                                          Function 05A11A60 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05A11B33
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 66c7b9fbc737bafd2fcf889f21af4bb65c805e37c8d666c8dcbab6f08790a5b0
                                          • Instruction ID: 208dcd5b4143fe069f526ad0b655d9d739e7d6ca2d9773d6b93442a81b191ff5
                                          • Opcode Fuzzy Hash: 66c7b9fbc737bafd2fcf889f21af4bb65c805e37c8d666c8dcbab6f08790a5b0
                                          • Instruction Fuzzy Hash: 3641BAB4D012589FCF00CFA9D984ADEFBF1BB49310F20902AE819B7200D735AA45CF58
                                          Function 05A11A58 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05A11B33
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: e71200027cb3b88112d16da454f746670ac6ae1b33b21167e7b802c2cfb935c0
                                          • Instruction ID: fada7f0e800f7e9f5f22a463d704cd191d3c6661fd506f899a2bbdd24fd4f03c
                                          • Opcode Fuzzy Hash: e71200027cb3b88112d16da454f746670ac6ae1b33b21167e7b802c2cfb935c0
                                          • Instruction Fuzzy Hash: 3C41BCB5D012589FCF00CFA9D984ADEFBF1BB49310F24942AE819B7240D334AA45CF54
                                          Function 0594CED0 Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0594CF7C
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377465820.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5940000_ParamName.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: f3ec9860bd295f8f7ffdef4c94ed9e8d668765f7e264d298c7c90928a01049e9
                                          • Instruction ID: 997b7789c03916e85cc879fdd984822cfde6fa17d85e327a26f59877c87a26f0
                                          • Opcode Fuzzy Hash: f3ec9860bd295f8f7ffdef4c94ed9e8d668765f7e264d298c7c90928a01049e9
                                          • Instruction Fuzzy Hash: DA31DBB5D012589FCF10CFA9D880AEEFBF1BB49320F14942AE815B7210D739A945CF54
                                          Function 05A11760 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05A1180A
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: b41e23bbbbaf5e8459f0ad01ecd9df613bac6f73d1efea8f1b3e9ecb4dc23cd7
                                          • Instruction ID: 0ea9bfe73b4aee1f9281c03e22117d0c127ab2794e8fb6c16c52ba88c5cddfef
                                          • Opcode Fuzzy Hash: b41e23bbbbaf5e8459f0ad01ecd9df613bac6f73d1efea8f1b3e9ecb4dc23cd7
                                          • Instruction Fuzzy Hash: 4831A8B9D002589FCF10CFA9D980A9EFBB5FB59320F10A42AE819B7310D735A905CF58
                                          Function 05A11759 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05A1180A
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: cd26ddf285c82ce365e4339e1cdac287e192ab5d1fbbfe7ee10773c43edeeff3
                                          • Instruction ID: 2601086de800a9d33810e4f2ad5290f746f016dea4bdf5fa66f7a7da13b4b614
                                          • Opcode Fuzzy Hash: cd26ddf285c82ce365e4339e1cdac287e192ab5d1fbbfe7ee10773c43edeeff3
                                          • Instruction Fuzzy Hash: 363198B9D00258DFCF10CFA9D981A9EFBB1BB59320F10942AE915B7310D735A945CF58
                                          Function 0594CED8 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0594CF7C
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377465820.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5940000_ParamName.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 4d7020b643bc9bfa6f5618de7688027c99f71606d48ccfa708291f4e87b23658
                                          • Instruction ID: 891b04f6adcbaf14abdfc14d163fa8d3432032a9a55f10dbb208f368d6cd8e47
                                          • Opcode Fuzzy Hash: 4d7020b643bc9bfa6f5618de7688027c99f71606d48ccfa708291f4e87b23658
                                          • Instruction Fuzzy Hash: 8331CAB4D012589FCF10CFA9D984AEEFBF1BB49320F24942AE815B7210D739A945CF54
                                          Function 015CF548 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 015CF5EC
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2365469685.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_15c0000_ParamName.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 42f24f39cb59e5b0d77a22c138f3325aa74e8b1961881194841f2fe9d753dc14
                                          • Instruction ID: 91a552a75973d4ab1697010fbfef4b08425e2e8f8515d447b8f7cdeee135ff7e
                                          • Opcode Fuzzy Hash: 42f24f39cb59e5b0d77a22c138f3325aa74e8b1961881194841f2fe9d753dc14
                                          • Instruction Fuzzy Hash: D931A8B4D002489FCF14CFA9D980A9EFBF1BB49310F20942AE819BB210D735A945CF54
                                          Function 05A10CB1 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05A10D67
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 0ffd997b809439fdc34bddf5e422be10ffc66e3cea745ad756a77fa8405559f0
                                          • Instruction ID: 20d8934bb9e1975c0c28fa89b604142dca53ff26a756558b9c56061181a6c717
                                          • Opcode Fuzzy Hash: 0ffd997b809439fdc34bddf5e422be10ffc66e3cea745ad756a77fa8405559f0
                                          • Instruction Fuzzy Hash: C541BDB5D012589FCB10CFA9D985AEEBBF1BF48310F24842AE419B7240C738A985CF64
                                          Function 05A10CB8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05A10D67
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377891395.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5a10000_ParamName.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 3d904a03977a64376fb3d5759e066ff0d74905955a0b549da0f3db05b8e8e423
                                          • Instruction ID: 4e6bc00f46969e912aee2288c973453ec824616c098a9d3900a071d4af570ef2
                                          • Opcode Fuzzy Hash: 3d904a03977a64376fb3d5759e066ff0d74905955a0b549da0f3db05b8e8e423
                                          • Instruction Fuzzy Hash: DE31ACB4D002589FCB10CFA9D985ADEBBF5BB49310F24802AE419B7240C7786985CF64
                                          Function 0594BD8A Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377465820.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5940000_ParamName.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: a03cd76415b4cfe60a737f3c38688b69affdaddd374e3f2f00b332e4e6df4f6f
                                          • Instruction ID: a00854af56430b06e4a5782bb30be2ea5b338738f3531795dd47bbac59cb524d
                                          • Opcode Fuzzy Hash: a03cd76415b4cfe60a737f3c38688b69affdaddd374e3f2f00b332e4e6df4f6f
                                          • Instruction Fuzzy Hash: DE31DBB5D012189FCF10CFAAD980A9EFBF5AB48310F14942AE805B7240C739A945CF94
                                          Function 0594BD90 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2377465820.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5940000_ParamName.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: e313416b45c69fa5b78b88df9d130098b92537aee3191c9a24f972278ed0d3bd
                                          • Instruction ID: f7aa1108a62f92c3e910b8c26c0eee04fbac9692dcbb385be713b682e7fc89e0
                                          • Opcode Fuzzy Hash: e313416b45c69fa5b78b88df9d130098b92537aee3191c9a24f972278ed0d3bd
                                          • Instruction Fuzzy Hash: CF31CAB4D012589FCF10CFAAD980AAEFBF5BB49310F24942AE815B7240C739A945CF94
                                          Function 0591C130 Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,wq
                                          • API String ID: 0-2764286452
                                          • Opcode ID: b82b4fbbcae5482f03ae6f55bb11ba034963baa92c87d76009cb8a64f6266fbc
                                          • Instruction ID: b4b0e4a028a6db8cac18917310950fe3be630c6e54e6f4d36bd238e7c5788f67
                                          • Opcode Fuzzy Hash: b82b4fbbcae5482f03ae6f55bb11ba034963baa92c87d76009cb8a64f6266fbc
                                          • Instruction Fuzzy Hash: BFC14575A1022C8FDB54DBA8C945BEDBBF6BF88700F158095EA0997351CA30DD85CF61
                                          Function 0591B258 Relevance: 1.5, Strings: 1, Instructions: 232COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 0ee7ab58e50263a18cf9b0b09ea04d1f817ec68b9629a67f91d336f9c8cc5197
                                          • Instruction ID: a4490d165c7e37a94010d72c84d5280f70b95f345057f0e2cbeaebf839ec7bea
                                          • Opcode Fuzzy Hash: 0ee7ab58e50263a18cf9b0b09ea04d1f817ec68b9629a67f91d336f9c8cc5197
                                          • Instruction Fuzzy Hash: 91A1DA34A10218DFCB04DFA4D998A9DBBB7FF89300F558559E806AB365DB30BC46CB94
                                          Function 0591EA50 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 2107a7cfe8a6aa2ebe3771ea283cffc01d3bf10fdbfe88ec246fdd37c9632e0e
                                          • Instruction ID: 6eb82e8f611a724e0c7adfb90a970eed0a4f2cadd1cfb6667aabc04684cc112c
                                          • Opcode Fuzzy Hash: 2107a7cfe8a6aa2ebe3771ea283cffc01d3bf10fdbfe88ec246fdd37c9632e0e
                                          • Instruction Fuzzy Hash: F3712130B10218DFDB15DB64C894BAEBBB6BFC8700F144459E906AB395CF75AC41CB94
                                          Function 05910ED8 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: pwq
                                          • API String ID: 0-3750715768
                                          • Opcode ID: b72c3775884031bdb1b2c7488680128fdc6bc3b19ac4bbae8505311d0b1ccb65
                                          • Instruction ID: 3e9a5222b3bc492011a825c8de01e5bdcbf25fe26349b6937d1ef80922e68cd1
                                          • Opcode Fuzzy Hash: b72c3775884031bdb1b2c7488680128fdc6bc3b19ac4bbae8505311d0b1ccb65
                                          • Instruction Fuzzy Hash: 5D514C76600104AFCB469FA8C855D69BFF7FF8D31071A80D8E6099B272DA32DC21EB55
                                          Function 05911E90 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq
                                          • API String ID: 0-1062398946
                                          • Opcode ID: e6dfa8dd2d8e692097731b0cee5e2dfb157efd6329b468d52aa0427cb4a71d5b
                                          • Instruction ID: 69f966571299650d140deb17994ae7a7def67dc5bdfbc14e7cf3962f64b43d49
                                          • Opcode Fuzzy Hash: e6dfa8dd2d8e692097731b0cee5e2dfb157efd6329b468d52aa0427cb4a71d5b
                                          • Instruction Fuzzy Hash: 5851E435A0061A9FCB10DF59C48096AFBB5FF85320B558655EE259B341D730FC55CB88
                                          Function 0591D630 Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (wq
                                          • API String ID: 0-1062398946
                                          • Opcode ID: 4be33f71cb9907d4214040dcf096c6b4ef4d4002db3f009f0e8a74d5dee19e27
                                          • Instruction ID: 9a0980f11a30ebca833ebe0d51e448242990869a4ff0e9244aa2418105a405b0
                                          • Opcode Fuzzy Hash: 4be33f71cb9907d4214040dcf096c6b4ef4d4002db3f009f0e8a74d5dee19e27
                                          • Instruction Fuzzy Hash: 5541C6303042648FCB48DF39C854A7E7BEABFC9650B154069E946CB3A1CE34DD02CB95
                                          Function 0591EEF8 Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: e28c0c0de1785adf308a2bc02981ad8d6ca42c1d8e631a04f8e8ec175b38b730
                                          • Instruction ID: 21bb7f05be59b2dabeee46eac13f1232ccb7255c8662250e942b3c7a206f233d
                                          • Opcode Fuzzy Hash: e28c0c0de1785adf308a2bc02981ad8d6ca42c1d8e631a04f8e8ec175b38b730
                                          • Instruction Fuzzy Hash: 38416734B1062C8FCB15EB64C498A6EB7BBAFC9700F504519E806AB394DF74AC46CB95
                                          Function 0591E900 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 54859915676daebc4832faf3d55184f9ab40486fbead2841fb99edd85039edc0
                                          • Instruction ID: 4a440e6195a5f35c6297b63ad421cded11cbf60d39a6107da0bcc2f4d8ddcbfb
                                          • Opcode Fuzzy Hash: 54859915676daebc4832faf3d55184f9ab40486fbead2841fb99edd85039edc0
                                          • Instruction Fuzzy Hash: 81314F717006149FD358DB68C899F2B7BAABFC8714F104468EA0A8B3A1CE71EC42C795
                                          Function 0591E910 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 25c4cfc50e6017db300937f363cb0146f406f49f0238a2e49c18a3d99de5e03c
                                          • Instruction ID: 7445822ab9825f64e659c65ba9237f5bb32783490591c849caa43ab63bf3a978
                                          • Opcode Fuzzy Hash: 25c4cfc50e6017db300937f363cb0146f406f49f0238a2e49c18a3d99de5e03c
                                          • Instruction Fuzzy Hash: 3D314C717006149FD318DB68C899F2B7BEAAFCC710F104468EA0A8B3A1CE71EC428795
                                          Function 0591A2D0 Relevance: 1.4, Strings: 1, Instructions: 104COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 1be3d3c7d6bae65d8f551137d467b1ed10df1409cb4fcbdb6cd4891cbad3611a
                                          • Instruction ID: 6b1c8123a7a531d7092845c6b7234acb0ef36e5614c8a1768b6c5262a2944a64
                                          • Opcode Fuzzy Hash: 1be3d3c7d6bae65d8f551137d467b1ed10df1409cb4fcbdb6cd4891cbad3611a
                                          • Instruction Fuzzy Hash: 7F31A4717001149FCB55DF94D89496EBFB6FF8C210B054469FE159B3A5CA31EC46CB90
                                          Function 056C06D9 Relevance: 1.3, APIs: 1, Instructions: 95memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 056C077F
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2375579928.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_56c0000_ParamName.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: c7e31a759a59241d63974a46a9fa23d31206b8ed7690dae22d7171376dcb4198
                                          • Instruction ID: 84273902e37ccb7e774aa57e64a49e080d395b3bb9dba62024fcbe7b7754f103
                                          • Opcode Fuzzy Hash: c7e31a759a59241d63974a46a9fa23d31206b8ed7690dae22d7171376dcb4198
                                          • Instruction Fuzzy Hash: DA31AAB8D002489FCF14CFA9D984A9EFBB1EF59320F24942AE819B7210C735A945CF94
                                          Function 056C06E0 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 056C077F
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2375579928.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_56c0000_ParamName.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: b5589e95d8098e7ab95aa068103e54323b502f9db2fc812ae6aae905f5a95553
                                          • Instruction ID: 44dcff431126d12aac6813c16f782f70920911b2752410849c07f1b30c6ade70
                                          • Opcode Fuzzy Hash: b5589e95d8098e7ab95aa068103e54323b502f9db2fc812ae6aae905f5a95553
                                          • Instruction Fuzzy Hash: C931A9B8D00248DFCF14CFA9D984AAEFBB5EB59320F20941AE815B7210C735A945CF94
                                          Function 056E1E8D Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2375630865.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_56e0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 58218a27631530597a16d6858c27eaa1cfd2f4504ed87b58357d66da81358113
                                          • Instruction ID: a7f5b9bebfc676dc4ed587c52b6e72ae42a7e6fbad11adb0ce194907c76a6154
                                          • Opcode Fuzzy Hash: 58218a27631530597a16d6858c27eaa1cfd2f4504ed87b58357d66da81358113
                                          • Instruction Fuzzy Hash: AF316774D0A209CFCB15CFA4D4146FDBBB2FB46312F10816AD511A7392D7345A86CF90
                                          Function 059159E0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: p<sq
                                          • API String ID: 0-1142556907
                                          • Opcode ID: 301b905a4bfcaf3bfa9eab0d48ba5a3467643487e4443cc3bb571b2a7209c9ed
                                          • Instruction ID: 2cb21a8690749a2f68e4ec61ebb0ff2f2b4b14b51ac38f74cc63778bec6d8e2e
                                          • Opcode Fuzzy Hash: 301b905a4bfcaf3bfa9eab0d48ba5a3467643487e4443cc3bb571b2a7209c9ed
                                          • Instruction Fuzzy Hash: 59214F703441589FCB15CF2AC880AAA7BEABF8D211B0A8055FC46CB361CB75DC51CF60
                                          Function 059159CF Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: p<sq
                                          • API String ID: 0-1142556907
                                          • Opcode ID: 4f7c7abe7b232fae3d95e1c27d151cc49648f076ab73590434b687607ef30ff0
                                          • Instruction ID: f104640a457aa0d526b960b54d60aaba5482853ba179ca648cc92d58f10c19db
                                          • Opcode Fuzzy Hash: 4f7c7abe7b232fae3d95e1c27d151cc49648f076ab73590434b687607ef30ff0
                                          • Instruction Fuzzy Hash: 4E215E313441589FDB15CF69C894AAA7BEABF8D201F4A8496FD46CB2A1CB35DC51CF20
                                          Function 058B8C07 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8
                                          • API String ID: 0-4194326291
                                          • Opcode ID: 3e50eeed0bf8517aee4775f66a817f061765fcac75b9d2f37bc324ff96b3e524
                                          • Instruction ID: f46167210c25d9e5f4eed816a0a7bb184e05e326342573e0ba5c1755773efcc9
                                          • Opcode Fuzzy Hash: 3e50eeed0bf8517aee4775f66a817f061765fcac75b9d2f37bc324ff96b3e524
                                          • Instruction Fuzzy Hash: 9F11F8B4A10618CFDB60DF24C994699BBF6FB89301F1480E9DA09AB311DA31AE84CF55
                                          Function 058B1D1D Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 6
                                          • API String ID: 0-498629140
                                          • Opcode ID: 227cdfcdb0453de0d78b5d80d208d6399a6efcdc452b185fc8a231e336ab9ab0
                                          • Instruction ID: 7c7cae9889e1a688a70c7baf73927099021a5a0b9dd2fbfc9b52c3cf2e58ba60
                                          • Opcode Fuzzy Hash: 227cdfcdb0453de0d78b5d80d208d6399a6efcdc452b185fc8a231e336ab9ab0
                                          • Instruction Fuzzy Hash: 87F07470D12228EFEB19DF94D888A9EBBB5BB08304F4055A9E805F3390D7749981CF40
                                          Function 05CB0A97 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ?
                                          • API String ID: 0-1684325040
                                          • Opcode ID: a2ee2c8445b43a6d7065af50c267e215a43ccba6c9c33e2edf0aa124d146ea8b
                                          • Instruction ID: 4963fa48d3731d3ba5c80adfcc33cbef3772a1a274684768f9ff838b44dd1d0b
                                          • Opcode Fuzzy Hash: a2ee2c8445b43a6d7065af50c267e215a43ccba6c9c33e2edf0aa124d146ea8b
                                          • Instruction Fuzzy Hash: 43E0C271A402268FE366DE14C51CBA7B7BAEB8A701F2004A58915A72C0DEB84D44CBA1
                                          Function 058B03D7 Relevance: 1.3, Strings: 1, Instructions: 12COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ?
                                          • API String ID: 0-1684325040
                                          • Opcode ID: 1bb2e09f9aa2677aa1c6e241c02a63960b3e24647f75505b8bb8a7019f561eb0
                                          • Instruction ID: 84cacb959cfdfa1fdebdf1d047fb09d3c9c3ac4c342ddfc380776a1bdd30263a
                                          • Opcode Fuzzy Hash: 1bb2e09f9aa2677aa1c6e241c02a63960b3e24647f75505b8bb8a7019f561eb0
                                          • Instruction Fuzzy Hash: 92D04274D02219DFDB26DF60D544AAEB7BABF45205F101199E805B6351C7715E45CF01
                                          Function 0591F148 Relevance: .4, Instructions: 437COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a1d160e20bc22b26f914d1cff1969abd83b752a0268db8a740bda1dfb88a1606
                                          • Instruction ID: ba6ea4e2753b71878815d3d4fcbfd5423694664eca47c9a0f07f1b9130941d8f
                                          • Opcode Fuzzy Hash: a1d160e20bc22b26f914d1cff1969abd83b752a0268db8a740bda1dfb88a1606
                                          • Instruction Fuzzy Hash: B7120B34B002288FCB14EF64C994B9DBBB6BF89300F5085A9D94AAB355DF30ED85CB54
                                          Function 05912208 Relevance: .2, Instructions: 240COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8b55b72172e7e080686c6fdf4efce65bf4a231a6be8154ab79ee41d073ea3d7
                                          • Instruction ID: 887066d0aaf8e1620c385b6d3c74c518faf7e4acdf15e3ecc06db931cb0d7f1f
                                          • Opcode Fuzzy Hash: d8b55b72172e7e080686c6fdf4efce65bf4a231a6be8154ab79ee41d073ea3d7
                                          • Instruction Fuzzy Hash: 23917A39B012189FCB04DFA6D985AADBBF6FB88211F148069ED01DB390CB35ED42CB54
                                          Function 05917B68 Relevance: .2, Instructions: 208COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26965049bfb4190461961ae48a74a2177d4fbf736a1f2ddcc378d4157dec09df
                                          • Instruction ID: 4685cd59ff9d3d5d5af3d13bd10a14a88af1b1a36c1dc9c98e366325db58fab4
                                          • Opcode Fuzzy Hash: 26965049bfb4190461961ae48a74a2177d4fbf736a1f2ddcc378d4157dec09df
                                          • Instruction Fuzzy Hash: 69810B79A00219CFCB14DFA8C5849AEBBF6FF48750B1585A9E816DB361DB30ED41CB90
                                          Function 05CC9B78 Relevance: .2, Instructions: 158COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f19008a6b50eab2b3f1ad92dd48e58ca41b405b41a1b151207c3f67e0833db28
                                          • Instruction ID: 2f85509522d198f45f8ea7ed6a575e58837e9f57e171856dff3697b1beb75d4a
                                          • Opcode Fuzzy Hash: f19008a6b50eab2b3f1ad92dd48e58ca41b405b41a1b151207c3f67e0833db28
                                          • Instruction Fuzzy Hash: 2361C374E01219DFCB14DFA9D8586EEBBF2FB89300F1089A9D41AA7244DB746A45CF84
                                          Function 0591AE38 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e588e78c43c9dd6ebe4d7dec7267f455ab2a4926678967a59121eb4fbbf52df
                                          • Instruction ID: 774009a082acfcf4b3f685eea29e77de6f4a3271dc4a85c56cb47ad219911ebc
                                          • Opcode Fuzzy Hash: 5e588e78c43c9dd6ebe4d7dec7267f455ab2a4926678967a59121eb4fbbf52df
                                          • Instruction Fuzzy Hash: 47515E34B105199FCB08DF64E498AAEBBBAFF88711F008519F90697364DF34AD46CB81
                                          Function 058B74E3 Relevance: .1, Instructions: 114COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cdcc2ed310579a3f943bd5113daca6aaffd6331608d27c95ffcd36444749b639
                                          • Instruction ID: 8a34d2e552ed123dadd430eaf9ebe85361ed9b9c4e5be8054562000af4914f39
                                          • Opcode Fuzzy Hash: cdcc2ed310579a3f943bd5113daca6aaffd6331608d27c95ffcd36444749b639
                                          • Instruction Fuzzy Hash: 9851B0B4E00208DFDB28CFB9D554A9DBBB6FF89310F20816AE815AB365DB719941CF50
                                          Function 058B74F0 Relevance: .1, Instructions: 114COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 13253293edf0d3e73b1d27ac72c3e28d5ebb7087076f8bb78d52abd937aa037e
                                          • Instruction ID: 5922cdeec100ae0f0ec1e3d4fa29cde5a3fb792fca6b5951b5d93ccddd84d5f2
                                          • Opcode Fuzzy Hash: 13253293edf0d3e73b1d27ac72c3e28d5ebb7087076f8bb78d52abd937aa037e
                                          • Instruction Fuzzy Hash: C451B2B4E01208DFDB18DFA9D554ADDBBB2FF89300F208129E815AB364DB759941CF40
                                          Function 0591DA10 Relevance: .1, Instructions: 103COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a7cc85f2e22b18a8ed10cec2a25458478ca8024956ce45c714de8662eb43d693
                                          • Instruction ID: bd056a1fd2e55c69b7f62b40f08282315e70d1f88a1e243f63592b628d007f96
                                          • Opcode Fuzzy Hash: a7cc85f2e22b18a8ed10cec2a25458478ca8024956ce45c714de8662eb43d693
                                          • Instruction Fuzzy Hash: 7F31D536610618DFCB05DF58D898EA9BBB6FF48320F1640A8E9099B372C731ED55DB44
                                          Function 05912AB8 Relevance: .1, Instructions: 101COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef25df5eb5f1a181cfb5305c0d5f39cd59c2132e1de909c03e83cfc050dfb3d3
                                          • Instruction ID: 325333e3aa073c943cf217a4e1b7ff76b25cf22cd8daeb345583ad4c265ffc2f
                                          • Opcode Fuzzy Hash: ef25df5eb5f1a181cfb5305c0d5f39cd59c2132e1de909c03e83cfc050dfb3d3
                                          • Instruction Fuzzy Hash: 8E41AE35A002298FDF14DFA6CA45ABFBBB9FF89300F008469D806E72A1D735D945CB95
                                          Function 058BF970 Relevance: .1, Instructions: 97COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 50b6ec08007df7ad8055c42c50f8a9e553557aea3966c1a0ec86d4008b12e521
                                          • Instruction ID: ebae09ca43b07649a530a3c2b84e67df109c4081740452303a4c8a0aa35b374d
                                          • Opcode Fuzzy Hash: 50b6ec08007df7ad8055c42c50f8a9e553557aea3966c1a0ec86d4008b12e521
                                          • Instruction Fuzzy Hash: 3441D274E142089BDB04CFAAD844AEEBBF6FB88304F10C069D915A7344DB789945CF91
                                          Function 059150C8 Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 835c241cd11d383cc3abf0a8864c2a8d69615691d1f77ddf1ac0b07cef32386f
                                          • Instruction ID: 8ccb5f1fc34cacf451d9939b06b68ab5b56d67c77fb8fe05ce149be97eefa5ca
                                          • Opcode Fuzzy Hash: 835c241cd11d383cc3abf0a8864c2a8d69615691d1f77ddf1ac0b07cef32386f
                                          • Instruction Fuzzy Hash: A0317A347007058FC7699F65D88896ABBB6FF85311751886DEC028B3A0DF31EC4ACB90
                                          Function 0591BBD8 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e700e3ef38262174853492b2daacc08603a0576dfdd82c3e119d9a829ef326cb
                                          • Instruction ID: 88ab043ec6ec062204f5992404e7f293ea5d95185116edcd0f9a1e83259eb63d
                                          • Opcode Fuzzy Hash: e700e3ef38262174853492b2daacc08603a0576dfdd82c3e119d9a829ef326cb
                                          • Instruction Fuzzy Hash: E821F2323096144FD7258B6DE894A26BBEBEBC1321B15857AE98EC7291CF31EC42C754
                                          Function 05914F40 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6df865d14f8d046cc4d000edfcd0d7067d09730ef0ba3915da247abcaeed5344
                                          • Instruction ID: a166e2fcb86b237e3f77611a37da7710a8f85dd3ed87bddabe6a2e2702ab9de8
                                          • Opcode Fuzzy Hash: 6df865d14f8d046cc4d000edfcd0d7067d09730ef0ba3915da247abcaeed5344
                                          • Instruction Fuzzy Hash: 0E215975E00229DFDF10DBB8C904BAEBBF9AB48340F118066E919DB390E734CA50DB95
                                          Function 0591D620 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 375f93ea7463dde3fe7ead2fc94ee46a6a230e9fc0a3f90984b013a989cde498
                                          • Instruction ID: 9e014916a29135ddab71a1925d255fbd9fa384d6a977dc7d4e6b6fdeebc01f3f
                                          • Opcode Fuzzy Hash: 375f93ea7463dde3fe7ead2fc94ee46a6a230e9fc0a3f90984b013a989cde498
                                          • Instruction Fuzzy Hash: 6B2153313082A44FDB158F399854B6A3FEDBF85651B098069FC46CB392CB34DC00C7A4
                                          Function 05912030 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc79058b34c2739aa5433334fe5c56cf479462f0111df0f253d84abde8f353d3
                                          • Instruction ID: 64f7a3a097732099b196d8255dbde213ef3267c90c9f012b218bc21a9836c6eb
                                          • Opcode Fuzzy Hash: dc79058b34c2739aa5433334fe5c56cf479462f0111df0f253d84abde8f353d3
                                          • Instruction Fuzzy Hash: 68219275B002199FCF54AF6998456BEBBB6FB88611F104129FD06D7380EB31D905CBA4
                                          Function 012FD01C Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2364696290.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_12fd000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef0044b9860406711f6965bacdff8a14da25102eaa80f8755afb97a634aa0046
                                          • Instruction ID: d28a72aebf88f4c66d26fe745f03bf9db8e36a878a1317e8dca1e6b8d1381e5d
                                          • Opcode Fuzzy Hash: ef0044b9860406711f6965bacdff8a14da25102eaa80f8755afb97a634aa0046
                                          • Instruction Fuzzy Hash: C92100B6114248EFDB15DF58D9C4B26FF65FB84364F24C57DEA0A0B242C336D40ACAA2
                                          Function 05911280 Relevance: .1, Instructions: 71COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 797fa1b90f053883745d0b854d22a81618194a05f825c7af10088077439fa507
                                          • Instruction ID: 1c7a66beeaa23f1e2493242624022a2d5c810f7deb87591719d9869f9deb8f81
                                          • Opcode Fuzzy Hash: 797fa1b90f053883745d0b854d22a81618194a05f825c7af10088077439fa507
                                          • Instruction Fuzzy Hash: 4F218E31A00219EFCB15DFA9C885ADE7FB6EB8C320F149129E911A7390DE719881CB90
                                          Function 05919070 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4281b3a331c40963acc8317d3f5cfdd82aaccd6f31d6f581bc55fc1e69772815
                                          • Instruction ID: 340fd42d483f279eddbcd792a3041e0a2c31bdff55d07cca68a3e0ba9b4165bc
                                          • Opcode Fuzzy Hash: 4281b3a331c40963acc8317d3f5cfdd82aaccd6f31d6f581bc55fc1e69772815
                                          • Instruction Fuzzy Hash: E0212B71A00219CFCB05DFA4C695ADDB7F2FF88300F1045A5E805BB2A1CB75AE85CBA4
                                          Function 05910C09 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8cf4764f3f6dd0852c5d08406c99f6eb78a0691d74b8b710cbba37330c0bc263
                                          • Instruction ID: c078c1f1ad98ef6957632eeae0917d802d9567ff4f4d305f8df409df2376bb16
                                          • Opcode Fuzzy Hash: 8cf4764f3f6dd0852c5d08406c99f6eb78a0691d74b8b710cbba37330c0bc263
                                          • Instruction Fuzzy Hash: F121D4706102069FCB84EB69D8897AEBFF6EF84300F40492CE809D7681EFB56D4587E1
                                          Function 058B7B70 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b05dd80878d05de5a0be80546f3d5e574b320b0886943b5b8794dedb5f7a14f
                                          • Instruction ID: 060e59880ad8d8e52c797ce7dd0be24ca87558f8cb960b553391ebc460c7add2
                                          • Opcode Fuzzy Hash: 5b05dd80878d05de5a0be80546f3d5e574b320b0886943b5b8794dedb5f7a14f
                                          • Instruction Fuzzy Hash: 8D2115B4E04209DFEB14DFA9D444AAEBBB6FB88310F1095A9D815E7341D7749E81CF90
                                          Function 05CB6DDE Relevance: .1, Instructions: 67COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e0cba9142d27e2cee0c717cfe928cc6959b67cf4abcf4aff852d9a1422d7f048
                                          • Instruction ID: 5e0781c59c925369cd2faa4b2b8906cd82ec2bd2981748b4e00f30e657e5454e
                                          • Opcode Fuzzy Hash: e0cba9142d27e2cee0c717cfe928cc6959b67cf4abcf4aff852d9a1422d7f048
                                          • Instruction Fuzzy Hash: 4D316178A11629CFCB64CF68DD849D9BBF1FB89315F1144E5E81AAB350D634AE80DF40
                                          Function 012FD006 Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2364696290.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_12fd000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a575abc8ca4f2de6069e2694cd0a4b0f50869d2c47a4b3026f4c139a5d68590
                                          • Instruction ID: 9350fca4b2ffc2a1bc523ad68ffd546b8486d192536a8e9e7f85c0ba365009cd
                                          • Opcode Fuzzy Hash: 6a575abc8ca4f2de6069e2694cd0a4b0f50869d2c47a4b3026f4c139a5d68590
                                          • Instruction Fuzzy Hash: 2221B0750093848FCB13CF24D994B15BF71EB86314F2885EEDA458B653C33AD80ACB62
                                          Function 05918FC0 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3587aed13791353d13b5dc445ea7fca17b3c582517f0ee263b6c36669b9e4497
                                          • Instruction ID: df10fc3340ac9e3d15dbcec71c7d99d869480a1678b5a9fc289993acaadf2eb1
                                          • Opcode Fuzzy Hash: 3587aed13791353d13b5dc445ea7fca17b3c582517f0ee263b6c36669b9e4497
                                          • Instruction Fuzzy Hash: 6F112A353002188BCB5AAB24D428A7E37AAEB88751715406AFD0ACB791DF39DC06D795
                                          Function 05910804 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e253ab92697334d69d8d73b035ddf247ebe0484907ff411e4f2ac57b6789ef65
                                          • Instruction ID: 14a87269f7b452e4804901b6a35bfb7355415847a8f6330f54e44145259ffec1
                                          • Opcode Fuzzy Hash: e253ab92697334d69d8d73b035ddf247ebe0484907ff411e4f2ac57b6789ef65
                                          • Instruction Fuzzy Hash: B91129B1505294AFD705DF3CDCD47D93FA0DB52204F4894C6E844DF202D931AD4AD795
                                          Function 05911DA9 Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef84162c05c199a66404e7322263864fb3e0b8c99d64fec078ecba0983421198
                                          • Instruction ID: 20f63ea8b2d62a2c169893ace3cf311357ad1c06e00311fbcfec8579506963db
                                          • Opcode Fuzzy Hash: ef84162c05c199a66404e7322263864fb3e0b8c99d64fec078ecba0983421198
                                          • Instruction Fuzzy Hash: 95216D78A02619AFDB04DFA8D594EADBBF2FF49700F204058E902EB361CB34AD41DB54
                                          Function 05911CF8 Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbc64281ee1536d453d6959d6cbbb37aad28e6b75c7687286b3486a75d6e57aa
                                          • Instruction ID: 6bd5f1e2c8572c83fa835edeba8da4b1a43be95e85483e63c3d8c2dd5179f56c
                                          • Opcode Fuzzy Hash: fbc64281ee1536d453d6959d6cbbb37aad28e6b75c7687286b3486a75d6e57aa
                                          • Instruction Fuzzy Hash: 0C113779A0121DEFCB14CFA8D585AEEBBF2EF48310F10452AE901A7390DB70AE44DB54
                                          Function 05912040 Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 77053ff08fae7932bc77a2a46c7e61d81c3964e2b09d051ab71f960d0caf78b9
                                          • Instruction ID: e78fdfed1e98aa51dac3fdbdf5db2bf050bb7f78c49aaa46e802cfadb89712df
                                          • Opcode Fuzzy Hash: 77053ff08fae7932bc77a2a46c7e61d81c3964e2b09d051ab71f960d0caf78b9
                                          • Instruction Fuzzy Hash: 4D117335B042289FCF54EB7988457BE7BF6EB88610F104529EE16D7380EB75D941CBA0
                                          Function 058BEB28 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 17033b17c436f3fa6d4cb06ac7e74010f2cfcdc3c1b04f24ce528018e9c8fdf1
                                          • Instruction ID: 8acdc4bd52e33e7c66e8da67515bccfaecb6ea9b6ec17b9595ba5415a7ed122e
                                          • Opcode Fuzzy Hash: 17033b17c436f3fa6d4cb06ac7e74010f2cfcdc3c1b04f24ce528018e9c8fdf1
                                          • Instruction Fuzzy Hash: 04110A70904218CFE754DF29D849BE9BBBAFB49314F5091A8D90AA3341DB745D888F54
                                          Function 05911C88 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26335809388c0f42ac2e1a895091840808aadbe3dd54f3efd2b5003e4441fdbf
                                          • Instruction ID: 2c71dddd295de02585ae6905556a1b6112411db0116bab996fdf3372d8f10360
                                          • Opcode Fuzzy Hash: 26335809388c0f42ac2e1a895091840808aadbe3dd54f3efd2b5003e4441fdbf
                                          • Instruction Fuzzy Hash: 73014436340215AFDB108F59EC85FABBBA9FB89721F108066FE15CB390DAB1E8109750
                                          Function 05913413 Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f2590cbc2a7903bbc1337ee3b7cc6b46dcf390a61b4e7138f0444f5b26644122
                                          • Instruction ID: 78bf4fe668cd43abb9f04c048f5aa0bd72e103af4f689cf719f20de252ec0f4d
                                          • Opcode Fuzzy Hash: f2590cbc2a7903bbc1337ee3b7cc6b46dcf390a61b4e7138f0444f5b26644122
                                          • Instruction Fuzzy Hash: 7D01D4326042199FCB05CA58D444B9D7BB5EB86324F488159E9098F391CF72AD46C7C4
                                          Function 05918FB3 Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 34001cf8700e6869f93b2586d6e1cf264e534acaac37a4c17502d131c89deb07
                                          • Instruction ID: 383c86c4014a0410b35fdaf012dd744a05a3816dcdda931078295088dba93891
                                          • Opcode Fuzzy Hash: 34001cf8700e6869f93b2586d6e1cf264e534acaac37a4c17502d131c89deb07
                                          • Instruction Fuzzy Hash: 38019E353002148FCB2A9B34D428A3D37EAEB89351B05406AFC0ACB3A1DF39DC06D798
                                          Function 05CCF4C8 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f9dc43b5a8a048a09fa4140c697dd89805e019134dd7ac27820ff2c666b72420
                                          • Instruction ID: 7f92a9089e4cc5c59616f7776242abd2068daa7179a6915a5c63cf4d36d929ca
                                          • Opcode Fuzzy Hash: f9dc43b5a8a048a09fa4140c697dd89805e019134dd7ac27820ff2c666b72420
                                          • Instruction Fuzzy Hash: 6811A2B4E0020A9FCB44DFE9C9456BEBBF1FF88300F60856E9519A7354EB349A418B91
                                          Function 0591E440 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 06b2509e1c7f2542142b486cb9320d0736123e02833545c5e516edb42bd4f680
                                          • Instruction ID: 9d419cfa1ca6f5287ddf2fe0063b5f531f61c2556a81af57aaafc20697243093
                                          • Opcode Fuzzy Hash: 06b2509e1c7f2542142b486cb9320d0736123e02833545c5e516edb42bd4f680
                                          • Instruction Fuzzy Hash: CF017C343006109FC7099B24D455E1ABBA6EBC8711B109669F90687351CF35ED02CBD5
                                          Function 058B7B63 Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 078f1429f920489b8b1b76b4923b22616c6ea98d1304735d656fb28ac92e775d
                                          • Instruction ID: 4f8b758eae8d02770bdede108f5f911cdb2909f6f255eab879a8697373b37ab0
                                          • Opcode Fuzzy Hash: 078f1429f920489b8b1b76b4923b22616c6ea98d1304735d656fb28ac92e775d
                                          • Instruction Fuzzy Hash: C70105B0D053099FEB18DFA9D4446AEBFF6EB89310F1481AED809E2341D7745A818B91
                                          Function 0591AE28 Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad9c91021f0eb031bed97a2a8026782ade24cbfa1653575f80665b47e45fbca5
                                          • Instruction ID: 91b83b2321210f7e0818c21af791e714ee4a734f0696c4e35e6a315237cce9d3
                                          • Opcode Fuzzy Hash: ad9c91021f0eb031bed97a2a8026782ade24cbfa1653575f80665b47e45fbca5
                                          • Instruction Fuzzy Hash: 8EF02B327111085BCB189619D8549BAFBAEEFC8260F04816AFD15C73A1DE309C16C7D5
                                          Function 059110B0 Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 759da1ecab924d8a0201992400d85e27d95ff0d8e6dbca2b0005194f4fc66a21
                                          • Instruction ID: a9736322ec35aef41773b9adfe6daad53a8d999cb5a9f911e168c2b6caaae752
                                          • Opcode Fuzzy Hash: 759da1ecab924d8a0201992400d85e27d95ff0d8e6dbca2b0005194f4fc66a21
                                          • Instruction Fuzzy Hash: F6F08131F09291AFE3118769580071BFFE9EBCD710F04447AE90597341CB75AC40C394
                                          Function 0591E450 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ccaa1800773023174d8772038e4543b2c7f09afe7e98cb2d0572a5576f92b6b3
                                          • Instruction ID: 27537badb0cf38fc03b0ecba9b20770e3e2fcf1536c61f910aa35732e73c64e9
                                          • Opcode Fuzzy Hash: ccaa1800773023174d8772038e4543b2c7f09afe7e98cb2d0572a5576f92b6b3
                                          • Instruction Fuzzy Hash: 680119353006149BC709AB25D458E1ABBA6EBC8711B108969F90A8B390CF36EC02CBD5
                                          Function 05911118 Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 59b99f1dfa58c1a1bbb64a80cbda0ee2ab83af55b12754ccaa878c7191a6f0dd
                                          • Instruction ID: 89c4ce61e3e52ae5d2ba46b70e0fe4fceb4463a879c3eb0d9b3452f9b8b88dee
                                          • Opcode Fuzzy Hash: 59b99f1dfa58c1a1bbb64a80cbda0ee2ab83af55b12754ccaa878c7191a6f0dd
                                          • Instruction Fuzzy Hash: 17F02462F0E2E46FE32247791C613296FA1DB86210F08449BC682CF2A2DA969807D304
                                          Function 0591D5B8 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d11ec5e466ff13e73fb3efd490c661d69ba5db3d5a4506dc160682298a1141e
                                          • Instruction ID: d22d5d2fd15d4f9266f48921f4d0bcc82397a7e7def5d896248cf4d4342d5ce6
                                          • Opcode Fuzzy Hash: 4d11ec5e466ff13e73fb3efd490c661d69ba5db3d5a4506dc160682298a1141e
                                          • Instruction Fuzzy Hash: 4DF068312003459BC724DF19D880F8BBB6AEFC0310F00D92AF9554B651DF70A94587A0
                                          Function 059110C0 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1fcd2119aa7287f733dd2b7835b3ed73b7d8c17a906039837a19621fe398435b
                                          • Instruction ID: a1b927673d3b0e6ee3fed4e2bd3a25558b7e5d78ac48db3f7729ec9f97fc1f12
                                          • Opcode Fuzzy Hash: 1fcd2119aa7287f733dd2b7835b3ed73b7d8c17a906039837a19621fe398435b
                                          • Instruction Fuzzy Hash: 50F0E931F092656FE71486599851B6FF7E9EBC8710F14446AEA0A9B340DBB2AC41C3C4
                                          Function 058B7733 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 32c43eed4c00f064a48d7be8998e2eaee395b7eb055d9be5d022e592cd4c9b9a
                                          • Instruction ID: fc433ef44bf93a6eea92731cbd5c063dba3671b0d892b207b77d369a56b881b6
                                          • Opcode Fuzzy Hash: 32c43eed4c00f064a48d7be8998e2eaee395b7eb055d9be5d022e592cd4c9b9a
                                          • Instruction Fuzzy Hash: 4F01E474D052099FDB54DFB8D9487AEBBF9FB48300F1045AAE809E2344E7719A40DB91
                                          Function 058B3189 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: afa793772868967866fcefe1a78a638aafae335fbd9cca3dfc6cbd66c8f65dfa
                                          • Instruction ID: fa8d0ae988dab7213bcbac3606726617a9d7abe80e4ebe4d9b5d9e04910636a6
                                          • Opcode Fuzzy Hash: afa793772868967866fcefe1a78a638aafae335fbd9cca3dfc6cbd66c8f65dfa
                                          • Instruction Fuzzy Hash: 9DF08C74909648AFDB51DFA8D8449ADBBBCBB09211F04C5AABC64D7341E6758A02CB10
                                          Function 058B719D Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d26b80b2f9dda20d08a5aa0ecc512b4438f40a4141f0df5fb029a6e740fa671
                                          • Instruction ID: d4bdd4fe2a5dfea05540d02ef708404ca3ed32191dfc1807f1ad7a05e25e8187
                                          • Opcode Fuzzy Hash: 4d26b80b2f9dda20d08a5aa0ecc512b4438f40a4141f0df5fb029a6e740fa671
                                          • Instruction Fuzzy Hash: 4B116D74D04218DFEB14CFAAD484BADBBB2FB49304F5480A9D849E7250EB78AD85CF15
                                          Function 05911C78 Relevance: .0, Instructions: 35COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e3d1102903adfda48520ee15a04c4b59ffe12af2c1ef8e8462e980d77dff19de
                                          • Instruction ID: 5d6b29e66bdd4c65acdde1d78bcc093adc92e4e6462ad61505742c5c51e52d50
                                          • Opcode Fuzzy Hash: e3d1102903adfda48520ee15a04c4b59ffe12af2c1ef8e8462e980d77dff19de
                                          • Instruction Fuzzy Hash: F7F06D363002149FC7048E6AD888E5BBBE9EF8962071540A9FA05CB361DA71EC10CA50
                                          Function 0591E1D8 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 047212585a5b31263bb9e92655596beb01262e5e856f8d380383cf5fbb5f1c74
                                          • Instruction ID: 189b90db49d849c9daf3449041603ab8dd21bd3853639978e3caa0b9f180b2a3
                                          • Opcode Fuzzy Hash: 047212585a5b31263bb9e92655596beb01262e5e856f8d380383cf5fbb5f1c74
                                          • Instruction Fuzzy Hash: B1F05E353102009FC304DB19D454D2BBBAAEFC8721B118469FD0A8B360CA31EC02CB90
                                          Function 0591E1C8 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0af0a14b73322eaf2075349a870daf1c5046c58a8f8228ced3d88e5927817141
                                          • Instruction ID: 3dcd9758cba1736e2f4fb8b89f8c04787cbd892a221ebfa9dbd4cbd23f0f6bc0
                                          • Opcode Fuzzy Hash: 0af0a14b73322eaf2075349a870daf1c5046c58a8f8228ced3d88e5927817141
                                          • Instruction Fuzzy Hash: 86F0627A3042008FC305DB24D455A3BBBB6AF88311B1584AEED568B7B1CA35EC02CB44
                                          Function 05CB2823 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5be33ae83e17f60c8679c19195c9d550ef6d2ec919f9ab98cb94a63392131207
                                          • Instruction ID: a98416328d43821aa18bf6e32bb025eb55f15c381f15bb849eed38c531e7a65a
                                          • Opcode Fuzzy Hash: 5be33ae83e17f60c8679c19195c9d550ef6d2ec919f9ab98cb94a63392131207
                                          • Instruction Fuzzy Hash: CE011A78B15118CFC714DF64D8985DAB7B2FB49300F1084A9980AA7784CB346E808F91
                                          Function 05CB28BC Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 44ddf83834fed156a405835df6d865335b2abf9c1f0f503a677e879402c877c2
                                          • Instruction ID: 3d25346e60a713652c9e492e9588c37879a42c002633c61c865eeb4604a4e834
                                          • Opcode Fuzzy Hash: 44ddf83834fed156a405835df6d865335b2abf9c1f0f503a677e879402c877c2
                                          • Instruction Fuzzy Hash: D001DA74A01629CFDB68DF59D948ADABBB1FB48302F0044E8D90AAB350DB749E80CF15
                                          Function 05911E81 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c6ef411c7e526fc93f3c8e421a2b967e1f1dfe516904cb4d20bd769d0ba9201
                                          • Instruction ID: 16c9110dbc87b725b3500eaeaf7d036855e98b0c8fb0a371761938105846618a
                                          • Opcode Fuzzy Hash: 2c6ef411c7e526fc93f3c8e421a2b967e1f1dfe516904cb4d20bd769d0ba9201
                                          • Instruction Fuzzy Hash: B3F0E5362001655BC711DB4DE500A953FA6EBC1350B46806AEE0487312CF21B951C3D9
                                          Function 05913373 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1fcb79d674c340d58fc1a6397aab10ec2b79dd02eba3d29d77d97538beb76040
                                          • Instruction ID: 6882a08ccffe5d8511dd734c6a6eebc5ccfdc5943a6e06ee8b78832abde8c3e1
                                          • Opcode Fuzzy Hash: 1fcb79d674c340d58fc1a6397aab10ec2b79dd02eba3d29d77d97538beb76040
                                          • Instruction Fuzzy Hash: D2F0A732908318EFDB49CB58D4897CDBFB6EB44311F088499E806D7380DF746A85CB95
                                          Function 058B8905 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e30bd3856f958091dc7cdfbc45e4fd788bdf3a11f6b2fd9f9f55a00007ce29a
                                          • Instruction ID: 28833ecc6bd17d8cf390908a23df2938070248eef210773964775dffe44dbcd7
                                          • Opcode Fuzzy Hash: 0e30bd3856f958091dc7cdfbc45e4fd788bdf3a11f6b2fd9f9f55a00007ce29a
                                          • Instruction Fuzzy Hash: 5D017B7494162ACFEBA4DF14ED88BAABBB4FB49312F0450E9D819E2344DB345EC08F00
                                          Function 058B3CF8 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9d2352d9cb930cf739d5e65769d2ffda0470d9bdfcb5ae7e145069e848b120a
                                          • Instruction ID: b510286ee8b354efabb5ee2c3ff4af6efcce5d4c6c46593164f856e0f8781037
                                          • Opcode Fuzzy Hash: b9d2352d9cb930cf739d5e65769d2ffda0470d9bdfcb5ae7e145069e848b120a
                                          • Instruction Fuzzy Hash: F3E0E5725096448ED702DBF499285AD7FB8FB52200B1549EAC800CB231FEB04D409351
                                          Function 0591A23B Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 273960555ea8702beed89653269c2bd10fb888cf509b9fc0b004e29a25a42835
                                          • Instruction ID: f569f9c097719473f8f72bacff420051896cc6f8719887aea5c33146da31507c
                                          • Opcode Fuzzy Hash: 273960555ea8702beed89653269c2bd10fb888cf509b9fc0b004e29a25a42835
                                          • Instruction Fuzzy Hash: C5E02622307031438A6000CD6C84A6ACA99FBC69607800A3DFD05CB348C851DC8A42D4
                                          Function 058B3198 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a95b4b6d3ae13e2892a5686b180f4ffa8184a627d949236f0653dc193d96bc01
                                          • Instruction ID: 6d8a1d2cb19d817f02b25ef32d804d3839d4e9181e058b180b8d74436744e6c4
                                          • Opcode Fuzzy Hash: a95b4b6d3ae13e2892a5686b180f4ffa8184a627d949236f0653dc193d96bc01
                                          • Instruction Fuzzy Hash: 3CF0F278908208AFCB80DFA8D844AADBBF9BB48320F14C5AAAC58D3341D6359A51DF50
                                          Function 05913380 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14af4c091a55746fc863b862f0ad78087f675b6ebb7d2f61450d5005d5e7a288
                                          • Instruction ID: 74090b97ea686aa890bd15afcd2b20275c81a6877f2eee087944db0aecae3fe9
                                          • Opcode Fuzzy Hash: 14af4c091a55746fc863b862f0ad78087f675b6ebb7d2f61450d5005d5e7a288
                                          • Instruction Fuzzy Hash: BBF06531A14218AFCB09CB98D0487DDBFBAEB84311F048599E806D3250DF702A85CB88
                                          Function 0591A283 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6e60f02592bb4063973dafdbda66252b134b2bc14f5b898959cbb450067de656
                                          • Instruction ID: 1da9ad55c39e49cd64806765c6129e38899a2b1ad270cdc8c9442700c55370e5
                                          • Opcode Fuzzy Hash: 6e60f02592bb4063973dafdbda66252b134b2bc14f5b898959cbb450067de656
                                          • Instruction Fuzzy Hash: FDE09BB13003018FC714DA19E885A5BFB5AEFC0315B04DD3AB11A9B665DE709D458790
                                          Function 0591A290 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 60393b419152925f097a7cecd782ca4913d7ff25433e4c9486dcf37f26a1f8fc
                                          • Instruction ID: 001b57dc025855b438dc8408783648dac452341a86de8ebe40fa32fe0908abba
                                          • Opcode Fuzzy Hash: 60393b419152925f097a7cecd782ca4913d7ff25433e4c9486dcf37f26a1f8fc
                                          • Instruction Fuzzy Hash: 21E092313002055BC714AA1AE88484BFB9EEFC0221300AD39B00A8B115CE70AC4586D0
                                          Function 058BA786 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: deebff23354cdb313374208fd547d8d8f3977ca8c79a04751dc399604a92efe6
                                          • Instruction ID: 692d987b6b4a0c845253c9c0741156a9122391078774a3c21fa0855a046de82a
                                          • Opcode Fuzzy Hash: deebff23354cdb313374208fd547d8d8f3977ca8c79a04751dc399604a92efe6
                                          • Instruction Fuzzy Hash: D8F0EC74905729DFEBA0DF28C8883AABBB1FB05312F1041E9D858E6244DB715A849F45
                                          Function 05CCA1D8 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91696acf182687c458a54b2c36bcea20ca46e221366d6185a5c30b7475e2f141
                                          • Instruction ID: 1774da91845cfe283db928c13356ae6568bb7d84f0e2aaf191b0a22a55e38ce4
                                          • Opcode Fuzzy Hash: 91696acf182687c458a54b2c36bcea20ca46e221366d6185a5c30b7475e2f141
                                          • Instruction Fuzzy Hash: F5E0A574D04208EFCB44DFA8D944A9CBBF5FB48310F10C5AAD80993341D7359A91DB40
                                          Function 05CC5D18 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5d60cde205efc845047589f1004e76f9adaa47a8fbea52394aa9a7922f8a0fc
                                          • Instruction ID: a8d788ea5a0adb717ca8275a87f3cf809420ba97d87211e3e407d6b9d7d368d6
                                          • Opcode Fuzzy Hash: c5d60cde205efc845047589f1004e76f9adaa47a8fbea52394aa9a7922f8a0fc
                                          • Instruction Fuzzy Hash: 19E0A574E04208AFCB44DFA8D544A9CBBB5FB48310F10C5A9D80993341D735AA51DF40
                                          Function 05CCBE60 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5d60cde205efc845047589f1004e76f9adaa47a8fbea52394aa9a7922f8a0fc
                                          • Instruction ID: 57d52c113453ddc7be0a8f0ed7f19d8cbb85e04efc93d6ade633bae4fa64eb70
                                          • Opcode Fuzzy Hash: c5d60cde205efc845047589f1004e76f9adaa47a8fbea52394aa9a7922f8a0fc
                                          • Instruction Fuzzy Hash: 9CE0AE74E04208EFCB84DFA8D945AADBBB5EB49314F50C5AEE818A3341D7329A51DB80
                                          Function 0591BCE0 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 214c4cf300976ec226b84fd41ee1aa4502be53fe8f7c1b0449b63002561c3e1b
                                          • Instruction ID: 366f1bf9913408f3826c7891dc5f22bb0a9f4ee19b7033ecbf2c2a031fb45d7d
                                          • Opcode Fuzzy Hash: 214c4cf300976ec226b84fd41ee1aa4502be53fe8f7c1b0449b63002561c3e1b
                                          • Instruction Fuzzy Hash: FFE0D8761086418FCF46971CE80AAD07FB4EF46300F4965D7D4CD87967D62095079711
                                          Function 059152D8 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98a2af364a6c85bc17371cd0fa4ddeaece07a29e8c9f354dbaeaa387ec6ea5d6
                                          • Instruction ID: ec55d205cdf14197daa99258b504ca7d6d7f4d6e757f5028bc6df49443878c53
                                          • Opcode Fuzzy Hash: 98a2af364a6c85bc17371cd0fa4ddeaece07a29e8c9f354dbaeaa387ec6ea5d6
                                          • Instruction Fuzzy Hash: 16E0263131032CDBCA1462B05842B2632E9AB84600F120824EF06CF3C0D9A1EC038759
                                          Function 058B91D6 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e57e05f04e13b7a9bc0ee5738ded4e80e93c964d368c38bad54833bb90a60fe
                                          • Instruction ID: c96781f5837403b521358220b68143a1a474b63b1aedaee915009dcba099f742
                                          • Opcode Fuzzy Hash: 7e57e05f04e13b7a9bc0ee5738ded4e80e93c964d368c38bad54833bb90a60fe
                                          • Instruction Fuzzy Hash: 12F0F9B0900319DFEB60DF24D8887AAB7B1FB45350F1494E4D959A3345CB745EC48F41
                                          Function 05CC9B28 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a5feee1489f6b8fee5395c4324c083d83b93caca302d428ab4d6661312b1e65a
                                          • Instruction ID: 37aef2195d975c02fc4c19b47d6ee465991d5d6c0d415e87e5ca882a01de5a58
                                          • Opcode Fuzzy Hash: a5feee1489f6b8fee5395c4324c083d83b93caca302d428ab4d6661312b1e65a
                                          • Instruction Fuzzy Hash: 80E0C274E04208AFCB54DFA8D5556ACFBF4EB48310F10C5A9D808A3341D771AA42DF40
                                          Function 05910799 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2728d8695ed1ef937d5ef6e3364cc6397b3d4d41466cab5c4d58c5ba9a1c327
                                          • Instruction ID: 96bd96e2cc0b9d143dbe791862cdc1a8f4fbab2ab704c9b6a8ba2c742327d998
                                          • Opcode Fuzzy Hash: e2728d8695ed1ef937d5ef6e3364cc6397b3d4d41466cab5c4d58c5ba9a1c327
                                          • Instruction Fuzzy Hash: 15E0D870908288AFDB00CF78EC547ADBFF5DB45300F5180DDE504D7282DA752E049781
                                          Function 0591074F Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd4f08d594691ec5d2bb0de2155472aa11ef7484cb586611eec334338599e19a
                                          • Instruction ID: 0e8c438db9877afa81cf451fa8fabc92d4eb033657fec53a650bc64af68cfaa0
                                          • Opcode Fuzzy Hash: cd4f08d594691ec5d2bb0de2155472aa11ef7484cb586611eec334338599e19a
                                          • Instruction Fuzzy Hash: DBE0D870501248EFD740CFA8E9403DD7FB4D745200F5051A9DC04D3302E9352E0597A1
                                          Function 058BFED0 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 36e84d326cd6bdab14178729cab4791cec032f5bc88eedd14a0e7649d51e2606
                                          • Instruction ID: 07edc1e59c6288e8c747513c9d781a9e933b5f4bc3a5e680126997a22ee15611
                                          • Opcode Fuzzy Hash: 36e84d326cd6bdab14178729cab4791cec032f5bc88eedd14a0e7649d51e2606
                                          • Instruction Fuzzy Hash: B3E0C274E04208AFCB84DFA8D9446ACBBF8FB48314F1081A9985897341D7729A41CF40
                                          Function 058BDE58 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be3d88d8d4ac5bc689cf12e2cd950d3a67ac622c94f6382d357322916970a48e
                                          • Instruction ID: 2e5d1d86652a8205a140806152fa2ee67ee1bec57eaa931ecfdcf4f1dfa746d7
                                          • Opcode Fuzzy Hash: be3d88d8d4ac5bc689cf12e2cd950d3a67ac622c94f6382d357322916970a48e
                                          • Instruction Fuzzy Hash: 85E01A70D05208EFCB94EFA8D4046DCBFB9FB44310F1081A9D848A7340D7755A40CF80
                                          Function 05CC8A50 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0af1f62f89e4f9c6a3f1f0f583b6e448cc8de3e3081dd282830be4f85858c0e0
                                          • Instruction ID: d7806ac3108da8350015e6f284e277232e8c6ce96662c474e7bd8ae2e782310a
                                          • Opcode Fuzzy Hash: 0af1f62f89e4f9c6a3f1f0f583b6e448cc8de3e3081dd282830be4f85858c0e0
                                          • Instruction Fuzzy Hash: 13E01234D08208EFCB04DBA8D5456ACBFB4EB88310F1081EED8185334AC732AB42DB80
                                          Function 058B712D Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e57daff10bd9c1a5aa77cbad32d9706ff2ffcdb1fba695c4df3df24b6e09441e
                                          • Instruction ID: 7d19b77fb6d842c12e90ce2c7ad200af537f95a2aec2ce281e13926a72b3768e
                                          • Opcode Fuzzy Hash: e57daff10bd9c1a5aa77cbad32d9706ff2ffcdb1fba695c4df3df24b6e09441e
                                          • Instruction Fuzzy Hash: E3F06C74904248DFEB10CF99E485B99BBB2FB09304F6040A5E809E3350EB79AD45CF45
                                          Function 058BF858 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: db75208b4e8370419c3f5de3db02b0e6f3643bf77e1a640e5704d97b8f5107a9
                                          • Instruction ID: 056f2233e2672929682f0acc12dc6ec016c139a2049ab74b7064f61deacd1c26
                                          • Opcode Fuzzy Hash: db75208b4e8370419c3f5de3db02b0e6f3643bf77e1a640e5704d97b8f5107a9
                                          • Instruction Fuzzy Hash: 0BE0B674D05208EFC784DFA8D945BACBFF8EB48214F2081A99D09D3351EB729E81CB41
                                          Function 05CC99B8 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 579cd565a813d40f1fd464da02f30da8b67cbba1765dda2955f50c342c49cd0e
                                          • Instruction ID: ecadb9486a3141f6204dd3be8e5f006e0e15cf80d2595574dfb9f39289cb3889
                                          • Opcode Fuzzy Hash: 579cd565a813d40f1fd464da02f30da8b67cbba1765dda2955f50c342c49cd0e
                                          • Instruction Fuzzy Hash: 1AE0C270806208DBC700EFF8D80469E7BF8EB44310F0045EDD40587110EF314A009791
                                          Function 05CCE458 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cde337368707ce226806ca7c30351e70928f7ee9ad324edbcfbea0ade605791
                                          • Instruction ID: 3f83d1d3449949c543f50a84996fedaec12d863097c1ecc1947d2c89c7ee8a56
                                          • Opcode Fuzzy Hash: 2cde337368707ce226806ca7c30351e70928f7ee9ad324edbcfbea0ade605791
                                          • Instruction Fuzzy Hash: 52E01274909208EBC704DFD5E9459ACBFB9FB46314F1085EDD84917351CB329E42DB85
                                          Function 058B3D08 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d0e8b5874fcff3fbb77c20f358a8e7aa38d35a38c5750fd1b35fce354cfe94f
                                          • Instruction ID: a6e438e5504af09b92b5ad3dba77af7727eba64dbb5e664ba417863d11d0272a
                                          • Opcode Fuzzy Hash: 0d0e8b5874fcff3fbb77c20f358a8e7aa38d35a38c5750fd1b35fce354cfe94f
                                          • Instruction Fuzzy Hash: D7E0C270405108DBCB00EFF4C4445AE7BFCEB45210F0046A9D90187120EF714E40D792
                                          Function 058BDF00 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e0c74c2d6f7607665e64ab49c6bde3c3abe564e2def53a0035dde31a8f8d3dae
                                          • Instruction ID: 55c018e199462b647405c606d94ea70d25e559523b97cc849596d2a1e037c9bf
                                          • Opcode Fuzzy Hash: e0c74c2d6f7607665e64ab49c6bde3c3abe564e2def53a0035dde31a8f8d3dae
                                          • Instruction Fuzzy Hash: 96E0B67491A208EFCB44DBA8D94969DBBB8AB04311F5051A9EC0993340E7705A40CB41
                                          Function 05919C30 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cdc5c6f6ca4ea05d5348015738c1ad3c32fca2b8acaa3aca1628f5517e0a2e7
                                          • Instruction ID: d5e3f6557aff619f6dc4caeb51decfa18e679a4927baf89fbef1d65732615edd
                                          • Opcode Fuzzy Hash: 2cdc5c6f6ca4ea05d5348015738c1ad3c32fca2b8acaa3aca1628f5517e0a2e7
                                          • Instruction Fuzzy Hash: D4D02B303046524FC751C72CB4806522FD297C4200B05D61AF889C7305DF10EC438390
                                          Function 059107A8 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58a9a11aa9cf1b76625a9f872ef2197480e8e84637af0816c4e07cf3b0825670
                                          • Instruction ID: 57cfc4e05d5217fe649d507407e5b48a1a2dcd771acaad260e144b238c4efa8f
                                          • Opcode Fuzzy Hash: 58a9a11aa9cf1b76625a9f872ef2197480e8e84637af0816c4e07cf3b0825670
                                          • Instruction Fuzzy Hash: B5E0EC70A10249ABCB44DFB8E9516ADBBFAEB45204F9095A9E904E7240D9716E04A781
                                          Function 05910760 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de74af584c320dd097afd359be16e19f59564811e5d8e69587181f38d2575028
                                          • Instruction ID: 776673cafdeb590eb6490e22e80a1e3ed3e7062cb5a86a4f601f55b543aaf2d8
                                          • Opcode Fuzzy Hash: de74af584c320dd097afd359be16e19f59564811e5d8e69587181f38d2575028
                                          • Instruction Fuzzy Hash: D2E01270A01208EFCB40DFA4D9456AEBBF5EB44314F5055A8D808E3340E9756E459791
                                          Function 0591E1A1 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 078a1efabb900ac4853e92da4012035d3d66745781b72e76bad7239a52db746a
                                          • Instruction ID: d44d94b0aae6bd91ec3c8ab156dfa7cec8b51d33e2248a523c169a81c430b3a7
                                          • Opcode Fuzzy Hash: 078a1efabb900ac4853e92da4012035d3d66745781b72e76bad7239a52db746a
                                          • Instruction Fuzzy Hash: 5FD01235145284DFC301DF68F414E917FB4AB2A621F149295F9444B333C721A914DB51
                                          Function 05914F10 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 88fc657a296ce9959d224d0cb55caf26f97f4c0287ac5230ed2f967520319138
                                          • Instruction ID: 25a4f439dc6faf4738944f5fd458dfcc1908fc632b8bfed45faede670a2ff559
                                          • Opcode Fuzzy Hash: 88fc657a296ce9959d224d0cb55caf26f97f4c0287ac5230ed2f967520319138
                                          • Instruction Fuzzy Hash: 70C08C326152B19EE7439B1A9C0660ABF709360A10F20C07EA045872A3EF317828CB66
                                          Function 058B7E1D Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7337313b32cfc8cbc810ab0988d58e88f317fa7bda668a6950d31e703d056d89
                                          • Instruction ID: 7adf5274b038be5d080bdf2e3e26be0cd63bc92f67a5676af7d42c603f5371b5
                                          • Opcode Fuzzy Hash: 7337313b32cfc8cbc810ab0988d58e88f317fa7bda668a6950d31e703d056d89
                                          • Instruction Fuzzy Hash: 3CD09E7050031DCBEBA0CF24E8546D97BB6EB45304F1456D5D809A7214DBB45EC4CF45
                                          Function 058B76E0 Relevance: .0, Instructions: 9COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c352d2f355f0ca45bd9c528eef6cf8c80a07d7d9d9b4cda58ed2d10f9cb1f17
                                          • Instruction ID: b5c15887a11ec446fbb4c473b9025cfb6d817581c93fcf737e9dc99e0283d28f
                                          • Opcode Fuzzy Hash: 2c352d2f355f0ca45bd9c528eef6cf8c80a07d7d9d9b4cda58ed2d10f9cb1f17
                                          • Instruction Fuzzy Hash: DAC04C76E1011E9BCF40DBD9E4409DCF774EF95361F004036D214BB104D6345926CF50
                                          Function 0591E1B0 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                          • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                          • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                          Function 05912011 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c19062668aac3212c71bd434888467e0c05217a1f3f43ec68a11d4c555925efe
                                          • Instruction ID: db2fe0f1a311c4368d9252412fcc1eaeddcd7203bac03a9fb5118b751cf6ef20
                                          • Opcode Fuzzy Hash: c19062668aac3212c71bd434888467e0c05217a1f3f43ec68a11d4c555925efe
                                          • Instruction Fuzzy Hash: FBC09B0500CBC504D35353755E587015D11B743724FDC53CE45F0423D6D3541469F705
                                          Function 058B6E88 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376505989.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_58b0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a83bf27122817e44126e329d93d911a109d4c4e698ee60493f816aadffcdf68
                                          • Instruction ID: f84db2a81a80298f4004378d9f39d3b6da2d2dd2a8976f216880886008fba42d
                                          • Opcode Fuzzy Hash: 1a83bf27122817e44126e329d93d911a109d4c4e698ee60493f816aadffcdf68
                                          • Instruction Fuzzy Hash: A5D0E974D05219CFEB64CF15E954B99B7F1BB15304F0051E99549A3390D6741D80CF05
                                          Function 0591A1FB Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b9664a2c2f2e93045d77cccec0c83fdbcc273a9f4881c3a78f14be17918ee52
                                          • Instruction ID: 4c4a01e9ff609a8b1dfd1792f708fb4b4de6426a646de3f0a4deaa105e8823cd
                                          • Opcode Fuzzy Hash: 1b9664a2c2f2e93045d77cccec0c83fdbcc273a9f4881c3a78f14be17918ee52
                                          • Instruction Fuzzy Hash: 92B012710002089FC184A6C8EC5667577ACD744616784C055BD0DD2245CF12FC068784
                                          Function 0591A200 Relevance: .0, Instructions: 6COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2376750999.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5910000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2659059a9f91e2752d5aaf40b759542974284f497dc9d56511687e918d60a797
                                          • Instruction ID: 1509e45ed43601ccc31d9201e01859ef2f2c9ca8c0c25ff3b77fcab707b7ce72
                                          • Opcode Fuzzy Hash: 2659059a9f91e2752d5aaf40b759542974284f497dc9d56511687e918d60a797
                                          • Instruction Fuzzy Hash: D9A0123000020887C10496C4E415451779C97446167008055A40D021014F12B8018780

                                          Non-executed Functions

                                          Function 05CCA9B8 Relevance: 5.1, Strings: 4, Instructions: 139COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.2378298592.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5cb0000_ParamName.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "$&$+$\ssq
                                          • API String ID: 0-3733090263
                                          • Opcode ID: 23bc5e119b7604322980765904cac46a84d6b0c1ca34a1df1cda8cbd991926dc
                                          • Instruction ID: ddb610dcce2be6311c61082c18cc9b634cfef1586469c11c1f1f9e41d5588c9e
                                          • Opcode Fuzzy Hash: 23bc5e119b7604322980765904cac46a84d6b0c1ca34a1df1cda8cbd991926dc
                                          • Instruction Fuzzy Hash: 9C61B070905228DBDB24DFA5DD48BEDBBB2BB49300F1089EAD54AA7250DB741A84DF84

                                          Executed Functions

                                          Function 031011D1 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: dLyq
                                          • API String ID: 0-897534201
                                          • Opcode ID: ec0c1c8764b0339db7345c8c49319587ff42eeea95b78fc6b47bbd15339ce056
                                          • Instruction ID: d0cb580083df50f6486b785821af929b4a778ccc8fa468fbb789238ff7c0847c
                                          • Opcode Fuzzy Hash: ec0c1c8764b0339db7345c8c49319587ff42eeea95b78fc6b47bbd15339ce056
                                          • Instruction Fuzzy Hash: FA316C74A042049FCB18DF69D498A9EBBF2FF8D304F244469E502EB3A1CB75AD45CB90
                                          Function 031012DF Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tesq
                                          • API String ID: 0-136783293
                                          • Opcode ID: bbba22a800a33c19169eb679d04771cef2c1688740bef1a58b42911cb39a86bc
                                          • Instruction ID: b3327d8fe1ee7ac30966d1743c839216c7fe148ee652f6a499f1fee257dcf74b
                                          • Opcode Fuzzy Hash: bbba22a800a33c19169eb679d04771cef2c1688740bef1a58b42911cb39a86bc
                                          • Instruction Fuzzy Hash: 4B116A347200109FC748DB28C058A5D7BF6BF8DB10B6280AAE002DF3B5CBB5ED428B84
                                          Function 03100B51 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: 5c2de04c3134a61fb2e6088ef0da500920919556f8ff8903d12058c9c5dd95fd
                                          • Instruction ID: 055d94a5a16d1f453f190bdf269835e8d63b0168a3ff327a58488f635667f881
                                          • Opcode Fuzzy Hash: 5c2de04c3134a61fb2e6088ef0da500920919556f8ff8903d12058c9c5dd95fd
                                          • Instruction Fuzzy Hash: E3F0377090A2899FC70BDB70C9A2858BFB8AB4720871514EAD049DF1A2DA359A00DB52
                                          Function 03100B80 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'sq
                                          • API String ID: 0-1075809040
                                          • Opcode ID: c33920114401b38d7e6961c5d103a8327ef4ee23f92ff03b89ef4e5c8524b659
                                          • Instruction ID: 376d544b062e6bb96597dfe0d21480d28abece9cb1041d7cf085cb9964f150a8
                                          • Opcode Fuzzy Hash: c33920114401b38d7e6961c5d103a8327ef4ee23f92ff03b89ef4e5c8524b659
                                          • Instruction Fuzzy Hash: 34E08C70A0510DEBCB08EFB4D98255DB7B5FB45208B104899940A97240DF716E50AB81
                                          Function 03100E65 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61098211f3124422bb74a76f7a449fed2a3d77d7d28de21654d3e0a36c6718bc
                                          • Instruction ID: cda0601cf1f7fc8f6645e57407f0e963dba0ec149bcd4cb287bfab7e3b471c15
                                          • Opcode Fuzzy Hash: 61098211f3124422bb74a76f7a449fed2a3d77d7d28de21654d3e0a36c6718bc
                                          • Instruction Fuzzy Hash: 78515F70E002058FCB8DDF29E88465D77B2FB89310B654859E412DB355DB78ACD5CF40
                                          Function 03100D4B Relevance: .1, Instructions: 123COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8314b3e0182e5e4e0c23cc9496219d3e93df3f47fa858d439c3dc941b1f36231
                                          • Instruction ID: f8afd3b1ccf05aa47e0d180b84827677e8bff11527bbecd54b4d6b0ad167957e
                                          • Opcode Fuzzy Hash: 8314b3e0182e5e4e0c23cc9496219d3e93df3f47fa858d439c3dc941b1f36231
                                          • Instruction Fuzzy Hash: CC515E74E012498FCB89DF29E48465D77F2FB89210B614859E412EB355EB78ACD68F40
                                          Function 0310137E Relevance: .1, Instructions: 118COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb031f22a66a8189da0f7c8e7083710a1a7253e086552dd44a7f5dd4d26c2823
                                          • Instruction ID: 11b8176c616823107b5ffac4c83abab741e4473ae62b5e3d22d88123ae41e77f
                                          • Opcode Fuzzy Hash: cb031f22a66a8189da0f7c8e7083710a1a7253e086552dd44a7f5dd4d26c2823
                                          • Instruction Fuzzy Hash: E241EB387001049FD714DB68D958BADBBF2BF8D715F258069E406EB3A5CBB49C41CB91
                                          Function 03100CF8 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3cfb38fd2b30202f07a0d5e4afec673de6cf4af79433e1634be46f8faa98a4ce
                                          • Instruction ID: 6ff39e92ab42a9b36bd1cfb0ba44524e97f6eee3eeaccf313080e25143ee37ea
                                          • Opcode Fuzzy Hash: 3cfb38fd2b30202f07a0d5e4afec673de6cf4af79433e1634be46f8faa98a4ce
                                          • Instruction Fuzzy Hash: 6A316170A002059FCB49EF39D484A5E7BF2FF893107514459E816DB365EF34ACD69B81
                                          Function 03100D08 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 851dfd3328eb43793e21452a2566e1396bf952a0bfd74be389237051c5918915
                                          • Instruction ID: 09e9d29472f074fa80feae7a290ea08e85a1bf05e969b8997671ed316da8239a
                                          • Opcode Fuzzy Hash: 851dfd3328eb43793e21452a2566e1396bf952a0bfd74be389237051c5918915
                                          • Instruction Fuzzy Hash: 9F317070A001499FCB89EF39D484A5E77F2FF893107514859E812DB355EF34ACD69B81
                                          Function 03100BC1 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a21ec2ab88f3b85f3e952a704ef0cfaa254fcc2b93d2193c915bed5e0d537944
                                          • Instruction ID: f9b95266f6b81d3ee23579a28589b5bae7da5b1452cfcb97b9c9cbfbf1485ead
                                          • Opcode Fuzzy Hash: a21ec2ab88f3b85f3e952a704ef0cfaa254fcc2b93d2193c915bed5e0d537944
                                          • Instruction Fuzzy Hash: 20318D30909346CFCB2EDB35DA993697BB4AB4E304F0544DAD407CA1E1DBB889C1CB12
                                          Function 031015E1 Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c831729b3cdfbdbcfbbcc3346644b1517fec4cc004d84826de19eac6fec4f05
                                          • Instruction ID: c04314a1c26b82da5e144b6d32f8412367451af742d74d2f0dbfc3be677624ad
                                          • Opcode Fuzzy Hash: 3c831729b3cdfbdbcfbbcc3346644b1517fec4cc004d84826de19eac6fec4f05
                                          • Instruction Fuzzy Hash: B2215E71B042069FCB48EBB98C9466EBBEAFFC9210B14442DD14ADB341DE7498018BA1
                                          Function 031015F0 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dcf4bb8389135e72a165a9d14a65ca7f109f9e4b532c8b2563e0d91083a44c89
                                          • Instruction ID: 4f901ce2abfbeb74c84d68004ec223c51621b14dd10f745bcc570ab4297db6ca
                                          • Opcode Fuzzy Hash: dcf4bb8389135e72a165a9d14a65ca7f109f9e4b532c8b2563e0d91083a44c89
                                          • Instruction Fuzzy Hash: A31190B1B042065FCB48ABF94C5832EBAEAFFC8660B50443DD60AD7781EE749C0187E1
                                          Function 03101838 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6648215dfb5e15cc1193d59113a2bd34efe1a45afb8dfc30569172ac66f48573
                                          • Instruction ID: b9e5bc3c2c7524e865886a98c16ed25ba2ca3892571304e45e1a14080ec728c6
                                          • Opcode Fuzzy Hash: 6648215dfb5e15cc1193d59113a2bd34efe1a45afb8dfc30569172ac66f48573
                                          • Instruction Fuzzy Hash: 2711E334E01315AFCB58EBBAE48465ABBF6FF8925471400BAD809DB351DB39CD56CB80
                                          Function 03101848 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 78069d6b469bdaca1aa308819cd1778e6c16fb3b74621483def4a1750973017a
                                          • Instruction ID: 8801c8012dc0b42601030a2812747e47d3d60e49b2b62ad8af75cbafeff7b4be
                                          • Opcode Fuzzy Hash: 78069d6b469bdaca1aa308819cd1778e6c16fb3b74621483def4a1750973017a
                                          • Instruction Fuzzy Hash: 1E117C74F00205AFCB58EBBA988466ABBE6FF892547140479D80AD7350DB398D52CB90
                                          Function 031007EC Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b993bb79401638d69885192246a78340fcc90b57ee0cb7b16de91b4d1da179fe
                                          • Instruction ID: 099e9e771b7fd36be93fbb7695e18eb51556c41884cdaebec2362ec883dde905
                                          • Opcode Fuzzy Hash: b993bb79401638d69885192246a78340fcc90b57ee0cb7b16de91b4d1da179fe
                                          • Instruction Fuzzy Hash: 5DD0127145C7C14FCB535F605C940913FF8AD5313030500EBE48ACE067D16E4851CB21
                                          Function 03100DC1 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b50886312235361d690eb832b6fcec22f742c8be13f306d47b934bc82311e3f
                                          • Instruction ID: bbd4d49cb7f8877a1d3a1b9d7dddd8219764fed53ff255d65fd2d610b00bc809
                                          • Opcode Fuzzy Hash: 5b50886312235361d690eb832b6fcec22f742c8be13f306d47b934bc82311e3f
                                          • Instruction Fuzzy Hash: 35015B70A013018FCB59EB38C48475DB7E2EF88600F508928E412AB395DF74AC96CB41
                                          Function 03100981 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12a6ae1e6911c254a0829e8262de4c31537fce3cd09285efdd17c85161804c35
                                          • Instruction ID: 6156e251ecf7e7b0d2b6c14f518acb12c9d9200e433bf1ebdf40b16e59a432a8
                                          • Opcode Fuzzy Hash: 12a6ae1e6911c254a0829e8262de4c31537fce3cd09285efdd17c85161804c35
                                          • Instruction Fuzzy Hash: 3701ADB0805209CFD309DF69DAC16853BB4FB0E304B04956994169B296E7B49DD69B42
                                          Function 03100C5C Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 097ff7c78d9bbd6396de35a26b8af6163f0ab53e2912553dd0723b0bd21e2bff
                                          • Instruction ID: fe484255571ab12823b733b6e1bf739de542b5b7381829df797de4be47b3a458
                                          • Opcode Fuzzy Hash: 097ff7c78d9bbd6396de35a26b8af6163f0ab53e2912553dd0723b0bd21e2bff
                                          • Instruction Fuzzy Hash: D7F0F830908219CBDB2DDB69D7887797262A74D308F0948D6D4178A1E1CBF989D5CE12
                                          Function 03100CBC Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 37c6f521dd0c04e11e1bb073ef846f6ef8779367945612d026a6400f8815149f
                                          • Instruction ID: ca47e40545287ea3cae6621d2db9292ad5a9fad0fb52eeb43dd926bb607b6e7a
                                          • Opcode Fuzzy Hash: 37c6f521dd0c04e11e1bb073ef846f6ef8779367945612d026a6400f8815149f
                                          • Instruction Fuzzy Hash: E3F0F830908219CBDB2DDB6DD7887797262B74D308F0A48D6D4178A1E1CBF989D5CE12
                                          Function 03100D5A Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c970d4dd1693def43f1343fd2188fd6402f15ae7575cab181376640fd608c1a
                                          • Instruction ID: 7598d77c59141b1c65c2eabf4ea25886a6ebcbf4cb1bcb0540a6fe688214aa96
                                          • Opcode Fuzzy Hash: 9c970d4dd1693def43f1343fd2188fd6402f15ae7575cab181376640fd608c1a
                                          • Instruction Fuzzy Hash: 55B0927BB05024AB4B2445A8BC440D8B324E6882B6B0151B2EA1BD7604E2720A758790
                                          Function 03100961 Relevance: .0, Instructions: 9COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2aa8e43afb7295fd7f8bcf677f94b18c8c7d42d4516bb2bc40dac1e2ab5c464b
                                          • Instruction ID: fe67a931519608f9f519322973b5842436b93c8f11b4c7d3ea55112313c64f5e
                                          • Opcode Fuzzy Hash: 2aa8e43afb7295fd7f8bcf677f94b18c8c7d42d4516bb2bc40dac1e2ab5c464b
                                          • Instruction Fuzzy Hash: D5C04C3144DB848BC302F7B4DD852957F28AB46216B0410EBD15D9E496DB5785518752
                                          Function 03100990 Relevance: .0, Instructions: 9COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 187bd59523626b180f0c7d9b09e7322c2fb37adce79716bdf1718db4e52d982a
                                          • Instruction ID: 29b47bbd95ce436fb703507f3950f3bf8518f30a8013b7f82acee8434dca60c5
                                          • Opcode Fuzzy Hash: 187bd59523626b180f0c7d9b09e7322c2fb37adce79716bdf1718db4e52d982a
                                          • Instruction Fuzzy Hash: F3C08C70824208EF4344EBB8894824C7AF4660C202F509020840BD2240F7B046844762
                                          Function 03100970 Relevance: .0, Instructions: 6COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 21c430231ced4898eb67efc57b59f4733af8e3101b74d702a879723315013185
                                          • Instruction ID: 0466355dcf964c96684366d38d06057713d71f7763cd73433eac7d08079d3465
                                          • Opcode Fuzzy Hash: 21c430231ced4898eb67efc57b59f4733af8e3101b74d702a879723315013185
                                          • Instruction Fuzzy Hash: E4A0223008830CCB0200B3E03C88388330CB80C003B8000A2E00E0C0880FE3E0300AE2
                                          Function 03100850 Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.2407697381.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Offset: 03100000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_6_2_3100000_aspnet_compiler.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 06dc5c3264ce450c5bb15ac279fad258f25c447cfbbbcea7dc8fcc08ccbbcf6c
                                          • Instruction ID: 7d10e1b24b429d4eff168ff68f42d03a289b973eab6ceb048864e75c4b527dc8
                                          • Opcode Fuzzy Hash: 06dc5c3264ce450c5bb15ac279fad258f25c447cfbbbcea7dc8fcc08ccbbcf6c
                                          • Instruction Fuzzy Hash: 1D90023104461C8F4A5027957D495657B5CDD455157901061F50E455065E56A4608695